Re: [PATCH] docs/system: Fix grammar in documentation

[Paolo Bonzini]

On 31/08/20 22:01, Philippe Mathieu-Daudé wrote:
> 
> 
> Le jeu. 27 août 2020 19:31, Stefan Weil  > a écrit :
> 
> Signed-off-by: Stefan Weil mailto:s...@weilnetz.de>>
> 
> 
> Reviewed-by: Philippe Mathieu-Daudé  >
> 
> ---
>  docs/system/build-platforms.rst | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/docs/system/build-platforms.rst
> b/docs/system/build-platforms.rst
> index c2b92a9698..9734eba2f1 100644
> --- a/docs/system/build-platforms.rst
> +++ b/docs/system/build-platforms.rst
> @@ -57,12 +57,12 @@ macOS
>  -
> 
>  The project supports building with the two most recent versions of
> -macOS, with the current homebrew package set available.
> +macOS, with the current Homebrew package set available.
> 
>  FreeBSD
>  ---
> 
> -The project aims to support the all the versions which are not end of
> +The project aims to support all versions which are not end of
>  life.
> 
>  NetBSD
> @@ -75,5 +75,5 @@ new major version is released.
>  OpenBSD
>  ---
> 
> -The project aims to support the all the versions which are not end of
> +The project aims to support all versions which are not end of
>  life.
> -- 
> 2.28.0
> 
> 

Cc: qemu-triv...@nongnu.org

[PATCH] usb: call usb_packet_cleanup on usb_packet_map failure

[Gerd Hoffmann]

Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-ehci.c | 2 ++
 hw/usb/hcd-xhci.c | 1 +
 2 files changed, 3 insertions(+)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 2b995443fbfd..67847a9cf5f1 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1373,6 +1373,7 @@ static int ehci_execute(EHCIPacket *p, const char *action)
 usb_packet_setup(>packet, p->pid, ep, 0, p->qtdaddr, spd,
  (p->qtd.token & QTD_TOKEN_IOC) != 0);
 if (usb_packet_map(>packet, >sgl)) {
+usb_packet_cleanup(>packet);
 qemu_sglist_destroy(>sgl);
 return -1;
 }
@@ -1456,6 +1457,7 @@ static int ehci_process_itd(EHCIState *ehci,
 usb_packet_setup(>ipacket, pid, ep, 0, addr, false,
  (itd->transact[i] & ITD_XACT_IOC) != 0);
 if (usb_packet_map(>ipacket, >isgl)) {
+usb_packet_cleanup(>ipacket);
 qemu_sglist_destroy(>isgl);
 return -1;
 }
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 46a2186d912a..9b156048920d 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1616,6 +1616,7 @@ static int xhci_setup_packet(XHCITransfer *xfer)
 usb_packet_setup(>packet, dir, ep, xfer->streamid,
  xfer->trbs[0].addr, false, xfer->int_req);
 if (usb_packet_map(>packet, >sgl)) {
+usb_packet_cleanup(>packet);
 qemu_sglist_destroy(>sgl);
 return -1;
 }
-- 
2.27.0

Re: [PATCH] xhci: check return value from usb_packet_map

[Gerd Hoffmann]

On Tue, Sep 01, 2020 at 10:19:26AM +0530, P J P wrote:
> +-- On Sun, 30 Aug 2020, Alexander Bulekov wrote --+
> | I think there is already a fix queued for this one:
> | https://www.mail-archive.com/qemu-devel@nongnu.org/msg734424.html
> 
>   Yes, it looks similar.
> 
> | > @@ -1615,7 +1615,14 @@ static int xhci_setup_packet(XHCITransfer *xfer)
> | >  xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets 
> int_req */
> | >  usb_packet_setup(>packet, dir, ep, xfer->streamid,
> | >   xfer->trbs[0].addr, false, xfer->int_req);
> | > -usb_packet_map(>packet, >sgl);
> | > +if (usb_packet_map(>packet, >sgl) < 0) {
> | > +DPRINTF("xhci: setup packet failed: pid: 0x%x addr %d ep %d\n",
> | > +xfer->packet.pid, ep->dev->addr, ep->nr);
> | > +usb_packet_cleanup(>packet);
> | > +qemu_sglist_destroy(>sgl);
> | > +return -1;
> 
> We don't need 'usb_packet_cleanup' call? (to confirm)

Oh, didn't notice the difference.  I think we need it, otherwise we leak
iov entries in case the packet has multiple segments and only the second
(or any later) fails to map.

take care,
  Gerd

Re: [PATCH] cirrus: handle wraparound in cirrus_invalidate_region

[Gerd Hoffmann]

  Hi,

> > > >  off_cur_end = ((off_cur + bytesperline - 1) & 
> > > > s->cirrus_addr_mask) + 1;
[ ... ]
> > > > +memory_region_set_dirty(>vga.vram, 0, off_cur_end);
> > >
> > > And here be 'off_cur_end -1'
> >
> > --verbose please.  I think this one is correct.
> 
> Here the 'off_cur_end' is size.

Exactly.  And memory_region_set_dirty wants the size.  So everything is
fine, right?

take care,
  Gerd

Re: [PATCH] meson: use pkg-config method to find dependencies

[Gerd Hoffmann]

On Mon, Aug 31, 2020 at 02:15:23PM +0200, Paolo Bonzini wrote:
> On 31/08/20 13:06, Gerd Hoffmann wrote:
> > 
> >> Keep "auto" for SDL so that it tries using
> >> sdl-config too.
> >> -  sdl = dependency('sdl2',
> >> -   required: get_option('sdl'),
> >> +  sdl = dependency('sdl2', required: get_option('sdl'),
> >> +   method: 'pkg-config',
> > code and commit message mismatch here.
> 
> That's docs/devel/build-system.rst,

Oops, missed that, sorry.

> I wanted to keep the "method" so
> that people can cut-and-paste correctly.
> 
> Would you prefer if I switched from sdl2 to something else (for example
> pixman which has a "version" keyword argument as well)?

Sounds like a good idea to me.

take care,
  Gerd

Re: [PATCH] usb: fix setup_len init (CVE-2020-14364)

[P J P]

  Hello Li,

+-- On Tue, 25 Aug 2020, Li Qiang wrote --+
| Just see the page.
| -->https://access.redhat.com/security/cve/CVE-2020-14364
| 
| The 'Attack Vector' of the CVSS score here is 'local'.
| 
| I think this should be 'network' as the guest user can touch this in cloud 
| environment? What's the consideration here?

  -> 
https://www.first.org/cvss/v3.1/user-guide#3-5-Scope-Vulnerable-Component-and-Impacted-Component

AV:Network or Adjacent is generally used when issue involves network stack. In 
this case it's a usb device r/w operation.


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

Re: [PATCH] cirrus: handle wraparound in cirrus_invalidate_region

[Li Qiang]

Gerd Hoffmann  于2020年8月31日周一 下午7:23写道：
>
> > >  for (y = 0; y < lines; y++) {
> > > -off_cur = off_begin;
> > > +off_cur = off_begin & s->cirrus_addr_mask;
> > >  off_cur_end = ((off_cur + bytesperline - 1) & 
> > > s->cirrus_addr_mask) + 1;
> > > -assert(off_cur_end >= off_cur);
> > > -memory_region_set_dirty(>vga.vram, off_cur, off_cur_end - 
> > > off_cur);
> > > +if (off_cur_end >= off_cur) {
> > > +memory_region_set_dirty(>vga.vram, off_cur, off_cur_end - 
> > > off_cur);
> > > +} else {
> > > +/* wraparound */
> > > +memory_region_set_dirty(>vga.vram, off_cur, 
> > > s->cirrus_addr_mask - off_cur);
> >
> > Should here be 's->cirrus_addr_mask + 1 - off_cur'
>
> Yes (mask != size).


Say if we have a range 0~0x2000 then the mask is '0x1fff' and the
off_cur is 0x1000.

0.0x1000.  0x2000
off_cur

Then the wrap occurs.

In the first set.
We just sets 0x1fff-0x1000= 0xfff bytes.
In fact we need to set 0x1000 bytes.




>
> > > +memory_region_set_dirty(>vga.vram, 0, off_cur_end);
> >
> > And here be 'off_cur_end -1'
>
> --verbose please.  I think this one is correct.

Here the 'off_cur_end' is size.
In this second set we actually sets 'off_cur_end+1' size bytes.

In a word, I think the first lost a byte and the second added a more byte .

Thank,s
Li Qiang

>
> take care,
>   Gerd
>

Re: [PATCH] xhci: check return value from usb_packet_map

[P J P]

+-- On Sun, 30 Aug 2020, Alexander Bulekov wrote --+
| I think there is already a fix queued for this one:
| https://www.mail-archive.com/qemu-devel@nongnu.org/msg734424.html

  Yes, it looks similar.

| > @@ -1615,7 +1615,14 @@ static int xhci_setup_packet(XHCITransfer *xfer)
| >  xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req 
*/
| >  usb_packet_setup(>packet, dir, ep, xfer->streamid,
| >   xfer->trbs[0].addr, false, xfer->int_req);
| > -usb_packet_map(>packet, >sgl);
| > +if (usb_packet_map(>packet, >sgl) < 0) {
| > +DPRINTF("xhci: setup packet failed: pid: 0x%x addr %d ep %d\n",
| > +xfer->packet.pid, ep->dev->addr, ep->nr);
| > +usb_packet_cleanup(>packet);
| > +qemu_sglist_destroy(>sgl);
| > +return -1;

We don't need 'usb_packet_cleanup' call? (to confirm)


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

RE: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for instructions with multiple definitions

[Taylor Simpson]

> -Original Message-
> From: Richard Henderson 
> Sent: Monday, August 31, 2020 8:41 PM
> To: Taylor Simpson ; qemu-devel@nongnu.org
> Cc: phi...@redhat.com; laur...@vivier.eu; riku.voi...@iki.fi;
> aleksandar.m.m...@gmail.com; a...@rev.ng
> Subject: Re: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for
> instructions with multiple definitions
>
> On 8/31/20 4:10 PM, Taylor Simpson wrote:
> >
> >
> >> -Original Message-
> >> From: Richard Henderson 
> >> Sent: Monday, August 31, 2020 1:20 PM
> >> To: Taylor Simpson ; qemu-devel@nongnu.org
> >> Cc: phi...@redhat.com; laur...@vivier.eu; riku.voi...@iki.fi;
> >> aleksandar.m.m...@gmail.com; a...@rev.ng
> >> Subject: Re: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for
> >> instructions with multiple definitions
> >>
> >> The fGEN_TCG_A2_add macro does not require nor use that {...}
> argument.
> >
> > The fGEN_TCG_A2_add macro does need that argument, but there are
> cases that
> > do need it.  Here's an example from gen_tcg.h
> > #define fGEN_TCG_L2_loadrub_pr(SHORTCODE)  SHORTCODE
> > This is explained in the README, but basically the argument is useful if we
> > can properly define the macros that it contains to generate TCG.
> We're certainly not going to be able to handle e.g. "+" or "if", so it is 
> going
> to work only for the most trivial of SHORTCODE.
>
> Though in fact loadrub_pr makes that grade...

The prior version of this series included all the overrides I've written to 
date.  To reduce the size of this version, I removed most of them and only left 
the ones that are essential for correct execution.  I plan to submit the others 
in subsequent series.  Anyway, there are >50 overrides of load/store 
instructions that leverage SHORTCODE.

> > IMO, we don't want the person who writes an override having to
> reproduce the
> > generated code.  Assuming we have a definition of fGEN_TCG_A2_add and
> we
> > have the generator intelligently expanding the macros, this is what will be
> > generated.
> You need to give me a better example that A2_add, then.  Because I see that
> being exactly one line, calling a helper that handles all instructions of the
> same format, passing tcg_gen_add_tl as a callback.

Here's a more complicated example for a predicated post-increment load

Static void generate_L2_ploadrit_pi(CPUHexagonState *env, DisasContext*cts, 
insn_t *insn, packet_t *pkt)
{
/* L2_ploadrit_pi */
TCGv EA = tcg_temp_local_new();
int PtN = insn->regno[0];
TCGv PtV = hex_pred[PtN];
int RdN = insn->regno[1];
TCGv RdV = tcg_temp_local_new();
if (!is_preloaded(ctx, RdN)) {
tcg_gen_mov_tl(hex_hew_value[RdN], hex_gpr[RdN]);
}
int RxN = insn->regno[2];
TCGv RxV = tcg_temp_local_new();
if (!is_preloaded(ctx, RxN)) {
tcg_gen_mov_tl(hex_new_value[RdN], hex_gpr[RxN]);
}
int siV = insn->immed[0];
tcg_gen_mov_tl(RxV, hex_gpr[RxN]);
fGEN_TCG_L2_ploadrit_pi({fEA_REG(RxV); if(fLSBOLD(PtV)){ fPM_I(RxV,siV); 
fLOAD(1,4,u,EA,RdV);} else {LOAD_CANCEL(EA);}});
gen_log_reg_write(RdN, RdV, insn->slot, 1);
gen_log_reg_write(RxN, RxV, insn->slot, 1);
tcg_temp_free(EA);
tcg_temp_free(RdV);
tcg_temp_free(RxV);
/* L2_ploadrit_pi */
}


> Have a browse through my recent microblaze decodetree conversion.  Note
> that
> the basic logical operations are implemented with exactly one source line.

With a helper function, our compares are all one line also

static inline void gen_compare(TCGCond cond, TCGv res, TCGv arg1, TCGv arg2)
{
TCGv one = tcg_const_tl(0xff);
TCGv zero = tcg_const_tl(0);

tcg_gen_movcond_tl(cond, res, arg1, arg2, one, zero);

tcg_temp_free(one);
tcg_temp_free(zero);
}

/* Compare instructions */
#define fGEN_TCG_C2_cmpeq(SHORTCODE) \
gen_compare(TCG_COND_EQ, PdV, RsV, RtV)
#define fGEN_TCG_C4_cmpneq(SHORTCODE) \
gen_compare(TCG_COND_NE, PdV, RsV, RtV)
#define fGEN_TCG_C2_cmpgt(SHORTCODE) \
gen_compare(TCG_COND_GT, PdV, RsV, RtV)
#define fGEN_TCG_C2_cmpgtu(SHORTCODE) \
gen_compare(TCG_COND_GTU, PdV, RsV, RtV)
...



> > Unlike the generate_ functions that all have the same signature.  The
> overrides would have different signatures.  This would be more defensive
> programming because you know exactly where the variables come from but
> more verbose when writing the overrides by hand.  Also, note that these
> need to be macros in order to take advantage of the SHORTCODE.
> >
> > In other words, instead of
> > #define fGEN_TCG_A2_add(SHORTCODE)tcg_gen_add_tl(RdV, RsV, RtV)
> >
> > We would write
> > #define fGEN_TCG_A2_add(env, ctx, insn, pkt, RdV, RsV, RtV,
> SHORTCODE)tcg_gen_add_tl(RdV, RsV, RtV);
> >
> > Personally, I prefer the former, but will change to the latter if you feel
> strongly.
>
> This comes from trying to handle instructions in different ways, but
> represent
> them all the same.
>
> I guess I see the attraction of the magic non-parameters -- you get a
> compilation error if the variable is not present, but are not tied to
> positional parameters.
>
> Ho hum. 

Contributing to x86 device emulationi

[Rohit Shinde]

Hello everyone,

I am a software engineer working as an SDE in the industry and I have been
wanting to contribute to QEMU. I mailed earlier introducing myself to the
mailing list and I was told to talk to specific people who work with the
subsystem I want to contribute to.

I am interested in contributing to the following areas of QEMU: KVM, x86
device emulation and storage optimization. I was hoping that I could get
some pointers on areas where I could contribute to. I am a bit lost since
QEMU is a vast project and I don't really know whether any
specific features are being worked on. If I had a goal in mind, that would
make it much easier to navigate the codebase as well.

My skillset is as follows: 3 years of work experience in Java and Python,
experience in designing and developing backend systems, APIs, deployments
and productionizing Machine Learning algorithms. I have knowledge of C/C++
as well, but I am a bit rusty there.

My questions that I hope to get answers to are these:

   1. Is there any specific area within x86 emulation, storage optimzation
   or KVM that I could contribute to? I am willing to work on chunks of
   projects too, if there are any that are ongoing.
   2. What background knowledge do I need for contribution? I have a good
   understanding of how the linux kernel works. I also have a decent
   familiarity with x86 architecture.


Thank you for reading this far and I look forward to hearing back from you.

Thanks,
Rohit.

Re: [PATCH v3 1/7] vhost: recheck dev state in the vhost_migration_log routine

[Raphael Norwitz]

On Mon, Aug 31, 2020 at 5:28 AM Dima Stepanov  wrote:
>
> vhost-user devices can get a disconnect in the middle of the VHOST-USER
> handshake on the migration start. If disconnect event happened right
> before sending next VHOST-USER command, then the vhost_dev_set_log()
> call in the vhost_migration_log() function will return error. This error
> will lead to the assert() and close the QEMU migration source process.
> For the vhost-user devices the disconnect event should not break the
> migration process, because:
>   - the device will be in the stopped state, so it will not be changed
> during migration
>   - if reconnect will be made the migration log will be reinitialized as
> part of reconnect/init process:
> #0  vhost_log_global_start (listener=0x563989cf7be0)
> at hw/virtio/vhost.c:920
> #1  0x56398603d8bc in listener_add_address_space 
> (listener=0x563989cf7be0,
> as=0x563986ea4340 )
> at softmmu/memory.c:2664
> #2  0x56398603dd30 in memory_listener_register 
> (listener=0x563989cf7be0,
> as=0x563986ea4340 )
> at softmmu/memory.c:2740
> #3  0x563985fd6956 in vhost_dev_init (hdev=0x563989cf7bd8,
> opaque=0x563989cf7e30, backend_type=VHOST_BACKEND_TYPE_USER,
> busyloop_timeout=0)
> at hw/virtio/vhost.c:1385
> #4  0x563985f7d0b8 in vhost_user_blk_connect (dev=0x563989cf7990)
> at hw/block/vhost-user-blk.c:315
> #5  0x563985f7d3f6 in vhost_user_blk_event (opaque=0x563989cf7990,
> event=CHR_EVENT_OPENED)
> at hw/block/vhost-user-blk.c:379
> Update the vhost-user-blk device with the internal started_vu field which
> will be used for initialization (vhost_user_blk_start) and clean up
> (vhost_user_blk_stop). This additional flag in the VhostUserBlk structure
> will be used to track whether the device really needs to be stopped and
> cleaned up on a vhost-user level.
> The disconnect event will set the overall VHOST device (not vhost-user) to
> the stopped state, so it can be used by the general vhost_migration_log
> routine.
> Such approach could be propogated to the other vhost-user devices, but
> better idea is just to make the same connect/disconnect code for all the
> vhost-user devices.
>
> This migration issue was slightly discussed earlier:
>   - https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg01509.html
>   - https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05241.html
>
> Signed-off-by: Dima Stepanov 

Reviewed-by: Raphael Norwitz 

> ---
>  hw/block/vhost-user-blk.c  | 19 ---
>  hw/virtio/vhost.c  | 27 ---
>  include/hw/virtio/vhost-user-blk.h | 10 ++
>  3 files changed, 50 insertions(+), 6 deletions(-)
>
> diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
> index 39aec42..a076b1e 100644
> --- a/hw/block/vhost-user-blk.c
> +++ b/hw/block/vhost-user-blk.c
> @@ -150,6 +150,7 @@ static int vhost_user_blk_start(VirtIODevice *vdev)
>  error_report("Error starting vhost: %d", -ret);
>  goto err_guest_notifiers;
>  }
> +s->started_vu = true;
>
>  /* guest_notifier_mask/pending not used yet, so just unmask
>   * everything here. virtio-pci will do the right thing by
> @@ -175,6 +176,11 @@ static void vhost_user_blk_stop(VirtIODevice *vdev)
>  VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
>  int ret;
>
> +if (!s->started_vu) {
> +return;
> +}
> +s->started_vu = false;
> +
>  if (!k->set_guest_notifiers) {
>  return;
>  }
> @@ -341,9 +347,7 @@ static void vhost_user_blk_disconnect(DeviceState *dev)
>  }
>  s->connected = false;
>
> -if (s->dev.started) {
> -vhost_user_blk_stop(vdev);
> -}
> +vhost_user_blk_stop(vdev);
>
>  vhost_dev_cleanup(>dev);
>  }
> @@ -399,6 +403,15 @@ static void vhost_user_blk_event(void *opaque, 
> QEMUChrEvent event)
>  NULL, NULL, false);
>  aio_bh_schedule_oneshot(ctx, vhost_user_blk_chr_closed_bh, 
> opaque);
>  }
> +
> +/*
> + * Move vhost device to the stopped state. The vhost-user device
> + * will be clean up and disconnected in BH. This can be useful in
> + * the vhost migration code. If disconnect was caught there is an
> + * option for the general vhost code to get the dev state without
> + * knowing its type (in this case vhost-user).
> + */
> +s->dev.started = false;
>  break;
>  case CHR_EVENT_BREAK:
>  case CHR_EVENT_MUX_IN:
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 1a1384e..ffef7ab 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -861,21 +861,42 @@ static int vhost_migration_log(MemoryListener 
> *listener, bool enable)
>  dev->log_enabled = enable;
>  return 0;
>  }
> +
> +r = 0;
>  if (!enable) {
>  r = vhost_dev_set_log(dev, false);
>  if 

Re: [PATCH v2 2/7] vhost: check queue state in the vhost_dev_set_log routine

[Raphael Norwitz]

On Mon, Aug 31, 2020 at 4:37 AM Dima Stepanov  wrote:
>
> On Thu, Aug 27, 2020 at 09:46:03PM -0400, Raphael Norwitz wrote:
> > On Mon, Aug 24, 2020 at 4:41 AM Dima Stepanov  
> > wrote:
> > >
> > > If the vhost-user-blk daemon provides only one virtqueue, but device was
> > > added with several queues, then QEMU will send more VHOST-USER command
> > > than expected by daemon side. The vhost_virtqueue_start() routine
> > > handles such case by checking the return value from the
> > > virtio_queue_get_desc_addr() function call. Add the same check to the
> > > vhost_dev_set_log() routine.
> > >
> > > Signed-off-by: Dima Stepanov 
> > > ---
> > >  hw/virtio/vhost.c | 12 
> > >  1 file changed, 12 insertions(+)
> > >
> > > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > > index ffef7ab..a33ffd4 100644
> > > --- a/hw/virtio/vhost.c
> > > +++ b/hw/virtio/vhost.c
> > > @@ -825,12 +825,24 @@ static int vhost_dev_set_features(struct vhost_dev 
> > > *dev,
> > >  static int vhost_dev_set_log(struct vhost_dev *dev, bool enable_log)
> > >  {
> > >  int r, i, idx;
> > > +hwaddr addr;
> > > +
> > >  r = vhost_dev_set_features(dev, enable_log);
> > >  if (r < 0) {
> > >  goto err_features;
> > >  }
> > >  for (i = 0; i < dev->nvqs; ++i) {
> > >  idx = dev->vhost_ops->vhost_get_vq_index(dev, dev->vq_index + i);
> > > +addr = virtio_queue_get_desc_addr(dev->vdev, idx);
> > > +if (!addr) {
> > > +/*
> > > + * The queue might not be ready for start. If this
> > > + * is the case there is no reason to continue the process.
> > > + * The similar logic is used by the vhost_virtqueue_start()
> > > + * routine.
> > > + */
> >
> > Shouldn’t we goto err_vq here to reset the logging state of any vqs
> > which have already been set?
> As i understand it, no we shouldn't reset the state of other queues. In
> general it is pretty valid case. Let's assume that the backend
> vhost-user device supports only two queues. But for instance, the QEMU
> command line is using value 4 to define number of virtqueues of such
> device. In this case only 2 queues will be initializaed.

I see - makes more sense now.

>
> I've tried to reflect it in the comment section, that the
> vhost_virtqueue_start() routine has been alread made the same:
>   "if a queue isn't ready for start, just return 0 without any error"
> So i made the same here.
>

In your example is a reason why, if queue 3 is uninitialized, queue 4
must also be uninitialized? I realize queue 4 being initialized while
queue 3 is not is a strange case, but it may still make the code more
robust to use a "continue" here instead of a "break". This also seems
more like the logic in vhost_virtqueue_start()/vhost_dev_start().

> I've found this issue, while testing migration with the default
> vhost-user-blk daemon. It fails with assert or sigsegv (don't remember),
> because it receives NULL for the queues it doesn't have. In general
> the daemon should not fall, because of unexpected VHOST_USER
> communication, but also there is no reason for QEMU to send additional
> packets.
>
> >
> > > +break;
> > > +}
> > >  r = vhost_virtqueue_set_addr(dev, dev->vqs + i, idx,
> > >   enable_log);
> > >  if (r < 0) {
> > > --
> > > 2.7.4
> > >
> > >

Re: [PATCH v2 0/2] util/hexdump: Cleanup qemu_hexdump()

[Jason Wang]

On 2020/8/23 上午2:09, Philippe Mathieu-Daudé wrote:

- Pass const void* buffer
- Reorder arguments

Supersedes: <20200822150457.1322519-1-f4...@amsat.org>

Philippe Mathieu-Daudé (2):
   util/hexdump: Convert to take a void pointer argument
   util/hexdump: Reorder qemu_hexdump() arguments

  include/qemu-common.h|  3 ++-
  hw/dma/xlnx_dpdma.c  |  2 +-
  hw/net/fsl_etsec/etsec.c |  2 +-
  hw/net/fsl_etsec/rings.c |  2 +-
  hw/sd/sd.c   |  2 +-
  hw/usb/redirect.c|  2 +-
  net/colo-compare.c   | 24 
  net/net.c|  2 +-
  util/hexdump.c   |  4 +++-
  util/iov.c   |  2 +-
  10 files changed, 24 insertions(+), 21 deletions(-)



Applied.

Thanks

Re: [RFC v3 1/1] memory: Skip bad range assertion if notifier supports arbitrary masks

[Jason Wang]

On 2020/8/21 下午10:12, Peter Xu wrote:

On Thu, Aug 20, 2020 at 10:28:00AM +0800, Jason Wang wrote:

On 2020/8/19 下午11:50, Peter Xu wrote:

On Wed, Aug 19, 2020 at 03:15:26PM +0800, Jason Wang wrote:

Yes, actually, I feel confused after reading the codes. Is notifier->start
IOVA or GPA?

In vfio.c, we did:

      iommu_notifier_init(>n, vfio_iommu_map_notify,
      IOMMU_NOTIFIER_ALL,
      section->offset_within_region,
      int128_get64(llend),
      iommu_idx);

So it looks to me the start and end are GPA, but the assertion above check
it against IOVA which seems to be wrong 

It should be iova; both section->offset_within_region and llend are for the
device's iova address space.  Thanks,


Interesting, how can memory region know which IOVA is used by guest?

Does it need to know? :)

AFAICT what we do here is only register with the whole possible IOVA address
space (e.g., across the whole 64bit address space).  Then vfio will get
notifications when there're new iova ranges mapped into it.



Right, but the whole IOVA address space should be something vIOMMU 
specific, e.g for Intel it should be calculated by GAW, but I found:


    memory_region_init_iommu(_dev_as->iommu, 
sizeof(vtd_dev_as->iommu),

 TYPE_INTEL_IOMMU_MEMORY_REGION, OBJECT(s),
 name, UINT64_MAX);

which assumes UINT64_MAX.

Thanks

Re: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for instructions with multiple definitions

[Richard Henderson]

On 8/31/20 4:10 PM, Taylor Simpson wrote:
> 
> 
>> -Original Message-
>> From: Richard Henderson 
>> Sent: Monday, August 31, 2020 1:20 PM
>> To: Taylor Simpson ; qemu-devel@nongnu.org
>> Cc: phi...@redhat.com; laur...@vivier.eu; riku.voi...@iki.fi;
>> aleksandar.m.m...@gmail.com; a...@rev.ng
>> Subject: Re: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for
>> instructions with multiple definitions
>>
>> The fGEN_TCG_A2_add macro does not require nor use that {...} argument.
> 
> The fGEN_TCG_A2_add macro does need that argument, but there are cases that
> do need it.  Here's an example from gen_tcg.h
> #define fGEN_TCG_L2_loadrub_pr(SHORTCODE)  SHORTCODE
> This is explained in the README, but basically the argument is useful if we
> can properly define the macros that it contains to generate TCG.
We're certainly not going to be able to handle e.g. "+" or "if", so it is going
to work only for the most trivial of SHORTCODE.

Though in fact loadrub_pr makes that grade...

> IMO, we don't want the person who writes an override having to reproduce the 
> generated code.  Assuming we have a definition of fGEN_TCG_A2_add and we
> have the generator intelligently expanding the macros, this is what will be
> generated.
You need to give me a better example that A2_add, then.  Because I see that
being exactly one line, calling a helper that handles all instructions of the
same format, passing tcg_gen_add_tl as a callback.

Have a browse through my recent microblaze decodetree conversion.  Note that
the basic logical operations are implemented with exactly one source line.

> Unlike the generate_ functions that all have the same signature.  The 
> overrides would have different signatures.  This would be more defensive 
> programming because you know exactly where the variables come from but more 
> verbose when writing the overrides by hand.  Also, note that these need to be 
> macros in order to take advantage of the SHORTCODE.
> 
> In other words, instead of
> #define fGEN_TCG_A2_add(SHORTCODE)tcg_gen_add_tl(RdV, RsV, RtV)
> 
> We would write
> #define fGEN_TCG_A2_add(env, ctx, insn, pkt, RdV, RsV, RtV, SHORTCODE)
> tcg_gen_add_tl(RdV, RsV, RtV);
> 
> Personally, I prefer the former, but will change to the latter if you feel 
> strongly.

This comes from trying to handle instructions in different ways, but represent
them all the same.

I guess I see the attraction of the magic non-parameters -- you get a
compilation error if the variable is not present, but are not tied to
positional parameters.

Ho hum.  Maybe I'm trying to overthink this too much before tackling the
ultimate goal of full parsing of the SHORTCODE.

Perhaps the only thing for the short term is to have the generator grep
genptr.c for "#define fGEN", to choose between the two alternatives: inline
generation or out-of-line helper generation.


r~

Re: [PATCH 0/1] tcg: Adjust simd_desc size encoding

[Frank Chang]

On Tue, Sep 1, 2020 at 6:29 AM Richard Henderson <
richard.hender...@linaro.org> wrote:

> Frank, this is intended to address the vector size limitation
> that you encountered with the risc-v rvv patch set, as per
>
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg07924.html
>
> although not exactly like that email says.
>
> This will allow vectors up to 2k bytes in length.
> Please test, if you can.
>
>
> r~
>
>
> Richard Henderson (1):
>   tcg: Adjust simd_desc size encoding
>
>  include/tcg/tcg-gvec-desc.h | 38 -
>  tcg/tcg-op-gvec.c   | 35 ++
>  2 files changed, 52 insertions(+), 21 deletions(-)
>
> --
> 2.25.1
>
>
Thanks Richard, I will give it a try on my RVV 1.0.
Thanks for the quick fix.

Frank Chang

Re: [PATCH 0/7] target/arm: Add vSPE support to KVM guest

[Haibo Xu]

On Mon, 31 Aug 2020 at 15:56, Auger Eric  wrote:
>
> Hi Haibo,
>
> On 8/7/20 10:10 AM, Haibo Xu wrote:
> > This series add support for SPE(Statistical Profiling Extension)[1]
> > in KVM guest. It's based on Andrew Murray's kernel KVM patches V2[2],
> > and has been tested to ensure that guest can use SPE with valid data.
> > E.g.
> >
> > In host:
> > $ ./qemu-system-aarch64 \
> > -cpu host -M virt,accel=kvm,gic-version=3 -nographic -m 2048M \
> > -kernel ./Image-new \
> > -initrd /boot/initrd.img-5.6.0-rc2+ \
> > -append "root=/dev/vda rw console=ttyAMA0" -nodefaults -serial 
> > stdio\
> > -drive if=none,file=./xenial.rootfs.ext4,id=hd0,format=raw \
> > -device virtio-blk-device,drive=hd0  \
> >
> > In guest:
> > $ perf record -e arm_spe/ts_enable=1,pa_enable=1,pct_enable=1/ \
> > dd if=/dev/zero of=/dev/null count=1000
> > $ perf report --dump-raw-trace > spe_buf.txt
> >
> > The spe_buf.txt should contain similar data as below:
> >
> > . ... ARM SPE data: size 135944 bytes
> > .  :  b0 f4 d3 29 10 00 80 ff a0  PC 
> > 0xff80001029d3f4 el1 ns=1
> > .  0009:  99 0b 00LAT 11 ISSUE
> > .  000c:  98 0d 00LAT 13 TOT
> > .  000f:  52 16 00EV RETIRED 
> > L1D-ACCESS TLB-ACCESS
> > .  0012:  49 00   LD
> > .  0014:  b2 d0 40 d8 70 00 00 ff 00  VA 
> > 0xff70d840d0
> > .  001d:  9a 01 00LAT 1 XLAT
> > .  0020:  00 00 00PAD
> > .  0023:  71 a5 1f b3 20 14 00 00 00  TS 86447955877
> > .  002c:  b0 7c f9 29 10 00 80 ff a0  PC 
> > 0xff80001029f97c el1 ns=1
> > .  0035:  99 02 00LAT 2 ISSUE
> > .  0038:  98 03 00LAT 3 TOT
> > .  003b:  52 02 00EV RETIRED
> > .  003e:  48 00   INSN-OTHER
> > .  0040:  00 00 00PAD
> > .  0043:  71 ef 1f b3 20 14 00 00 00  TS 86447955951
> > .  004c:  b0 f0 e9 29 10 00 80 ff a0  PC 
> > 0xff80001029e9f0 el1 ns=1
> > .  0055:  99 02 00LAT 2 ISSUE
> > .  0058:  98 03 00LAT 3 TOT
> > .  005b:  52 02 00EV RETIRED
> >
> > If you want to disable the vSPE support, you can use the 'spe=off' cpu
> > property:
> >
> > ./qemu-system-aarch64 \
> > -cpu host,spe=off -M virt,accel=kvm,gic-version=3 -nographic -m 
> > 2048M \
> > -kernel ./Image-new \
> > -initrd /boot/initrd.img-5.6.0-rc2+ \
> > -append "root=/dev/vda rw console=ttyAMA0" -nodefaults -serial 
> > stdio\
> > -drive if=none,file=./xenial.rootfs.ext4,id=hd0,format=raw \
> > -device virtio-blk-device,drive=hd0  \
> >
> > Note:
> > (1) Since the kernel patches are still under review, some of the macros
> > in the header files may be changed after merging. We may need to
> > update them accordingly.
> to be more explicit one needs to replace on the kernel 5.5-rc2 based series
>
> -#define KVM_CAP_ARM_SPE_V1 179
> +#define KVM_CAP_ARM_SPE_V1 184
>
> I got misleaded ;-)
>
> + Andrew in CC as he contributed the kernel part.
>
> For information, I have been working on a kvm unit test series for
> testing SPE. I will send an RFC, most probably this week. At the moment
> I still face some weirdness such as some unexpected Service state in the
> syndrome register. Anyway I will share the existing code so that we can
> discuss the issues.
>
> Are there any plans to respin the kernel series
>
> Thanks
>
> Eric
>

Hi Eric,

Thanks for elaborating on the above macro definition!
The next version of the kernel series are supposed to be sent out in
mid-September,
and it should not change so much except for some macro definitions.

Regards,

Haibo

> > (2) These patches only add vSPE support in KVM mode, for TCG mode, I'm
> > not sure whether we need to support it.
> > (3) Just followed the 'pmu' property, we only allow this feature to be
> > removed from CPUs which enable it by default. But since the SPE is
> > an optional feature extension for Armv8.2, I think a better way may
> > be to disable it by default, and only enable it when the host cpu
> > do have the feature.
> >
> > [1]https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/
> >posts/statistical-profiling-extension-for-armv8-a
> > [2]https://www.spinics.net/lists/arm-kernel/msg776228.html
> >
> > Haibo Xu (7):
> >   update Linux headers with new vSPE macros
> >   target/arm/kvm: 

[PATCH v3 15/16] hw/riscv: clint: Avoid using hard-coded timebase frequency

[Bin Meng]

From: Bin Meng 

At present the CLINT timestamp is using a hard-coded timebase
frequency value SIFIVE_CLINT_TIMEBASE_FREQ. This might not be
true for all boards.

Add a new 'timebase-freq' property to the CLINT device, and
update various functions to accept this as a parameter.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 

---

(no changes since v1)

 include/hw/riscv/sifive_clint.h |  4 +++-
 target/riscv/cpu.h  |  6 --
 hw/riscv/microchip_pfsoc.c  |  6 +-
 hw/riscv/sifive_clint.c | 26 +++---
 hw/riscv/sifive_e.c |  3 ++-
 hw/riscv/sifive_u.c |  3 ++-
 hw/riscv/spike.c|  3 ++-
 hw/riscv/virt.c |  3 ++-
 target/riscv/cpu_helper.c   |  4 +++-
 target/riscv/csr.c  |  4 ++--
 10 files changed, 40 insertions(+), 22 deletions(-)

diff --git a/include/hw/riscv/sifive_clint.h b/include/hw/riscv/sifive_clint.h
index 9f5fb3d..a30be0f 100644
--- a/include/hw/riscv/sifive_clint.h
+++ b/include/hw/riscv/sifive_clint.h
@@ -39,11 +39,13 @@ typedef struct SiFiveCLINTState {
 uint32_t timecmp_base;
 uint32_t time_base;
 uint32_t aperture_size;
+uint32_t timebase_freq;
 } SiFiveCLINTState;
 
 DeviceState *sifive_clint_create(hwaddr addr, hwaddr size,
 uint32_t hartid_base, uint32_t num_harts, uint32_t sip_base,
-uint32_t timecmp_base, uint32_t time_base, bool provide_rdtime);
+uint32_t timecmp_base, uint32_t time_base, uint32_t timebase_freq,
+bool provide_rdtime);
 
 enum {
 SIFIVE_SIP_BASE = 0x0,
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index dc350f0..a003d83 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -219,7 +219,8 @@ struct CPURISCVState {
 pmp_table_t pmp_state;
 
 /* machine specific rdtime callback */
-uint64_t (*rdtime_fn)(void);
+uint64_t (*rdtime_fn)(uint32_t);
+uint32_t rdtime_fn_arg;
 
 /* True if in debugger mode.  */
 bool debugger;
@@ -349,7 +350,8 @@ void riscv_cpu_swap_hypervisor_regs(CPURISCVState *env);
 int riscv_cpu_claim_interrupts(RISCVCPU *cpu, uint32_t interrupts);
 uint32_t riscv_cpu_update_mip(RISCVCPU *cpu, uint32_t mask, uint32_t value);
 #define BOOL_TO_MASK(x) (-!!(x)) /* helper for riscv_cpu_update_mip value */
-void riscv_cpu_set_rdtime_fn(CPURISCVState *env, uint64_t (*fn)(void));
+void riscv_cpu_set_rdtime_fn(CPURISCVState *env, uint64_t (*fn)(uint32_t),
+ uint32_t arg);
 #endif
 void riscv_cpu_set_mode(CPURISCVState *env, target_ulong newpriv);
 
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index 11ebdd1..da6bd29 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -60,6 +60,9 @@
 #define BIOS_FILENAME   "hss.bin"
 #define RESET_VECTOR0x2022
 
+/* CLINT timebase frequency */
+#define CLINT_TIMEBASE_FREQ 100
+
 /* GEM version */
 #define GEM_REVISION0x0107010c
 
@@ -187,7 +190,8 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 /* CLINT */
 sifive_clint_create(memmap[MICROCHIP_PFSOC_CLINT].base,
 memmap[MICROCHIP_PFSOC_CLINT].size, 0, ms->smp.cpus,
-SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE, false);
+SIFIVE_SIP_BASE, SIFIVE_TIMECMP_BASE, SIFIVE_TIME_BASE,
+CLINT_TIMEBASE_FREQ, false);
 
 /* L2 cache controller */
 create_unimplemented_device("microchip.pfsoc.l2cc",
diff --git a/hw/riscv/sifive_clint.c b/hw/riscv/sifive_clint.c
index 15e13d5..fa1ddf2 100644
--- a/hw/riscv/sifive_clint.c
+++ b/hw/riscv/sifive_clint.c
@@ -29,22 +29,23 @@
 #include "hw/riscv/sifive_clint.h"
 #include "qemu/timer.h"
 
-static uint64_t cpu_riscv_read_rtc(void)
+static uint64_t cpu_riscv_read_rtc(uint32_t timebase_freq)
 {
 return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
-SIFIVE_CLINT_TIMEBASE_FREQ, NANOSECONDS_PER_SECOND);
+timebase_freq, NANOSECONDS_PER_SECOND);
 }
 
 /*
  * Called when timecmp is written to update the QEMU timer or immediately
  * trigger timer interrupt if mtimecmp <= current timer value.
  */
-static void sifive_clint_write_timecmp(RISCVCPU *cpu, uint64_t value)
+static void sifive_clint_write_timecmp(RISCVCPU *cpu, uint64_t value,
+   uint32_t timebase_freq)
 {
 uint64_t next;
 uint64_t diff;
 
-uint64_t rtc_r = cpu_riscv_read_rtc();
+uint64_t rtc_r = cpu_riscv_read_rtc(timebase_freq);
 
 cpu->env.timecmp = value;
 if (cpu->env.timecmp <= rtc_r) {
@@ -59,7 +60,7 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu, 
uint64_t value)
 diff = cpu->env.timecmp - rtc_r;
 /* back to ns (note args switched in muldiv64) */
 next = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
-muldiv64(diff, NANOSECONDS_PER_SECOND, SIFIVE_CLINT_TIMEBASE_FREQ);
+muldiv64(diff, NANOSECONDS_PER_SECOND, timebase_freq);
 timer_mod(cpu->env.timer, next);
 }
 
@@ -112,10 +113,10 @@ static uint64_t 

[PATCH v3 12/16] hw/arm: xlnx: Set all boards' GEM 'phy-addr' property value to 23

[Bin Meng]

From: Bin Meng 

When cadence_gem model was created for Xilinx boards, the PHY address
was hard-coded to 23 in the GEM model. Now that we have introduced a
property we can use that to tell GEM model what our PHY address is.
Change all boards' GEM 'phy-addr' property value to 23, and set the
PHY address default value to 0 in the GEM model.

Signed-off-by: Bin Meng 

---

Changes in v3:
- use the correct (Object *) to set the 'phy-addr' in xlnx-zynqmp.c

 hw/arm/xilinx_zynq.c | 1 +
 hw/arm/xlnx-versal.c | 1 +
 hw/arm/xlnx-zynqmp.c | 2 ++
 hw/net/cadence_gem.c | 6 +++---
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
index 969ef07..9ffcc56 100644
--- a/hw/arm/xilinx_zynq.c
+++ b/hw/arm/xilinx_zynq.c
@@ -119,6 +119,7 @@ static void gem_init(NICInfo *nd, uint32_t base, qemu_irq 
irq)
 qemu_check_nic_model(nd, TYPE_CADENCE_GEM);
 qdev_set_nic_properties(dev, nd);
 }
+object_property_set_int(OBJECT(dev), "phy-addr", 23, _abort);
 s = SYS_BUS_DEVICE(dev);
 sysbus_realize_and_unref(s, _fatal);
 sysbus_mmio_map(s, 0, base);
diff --git a/hw/arm/xlnx-versal.c b/hw/arm/xlnx-versal.c
index e3aa4bd..12ba6c4 100644
--- a/hw/arm/xlnx-versal.c
+++ b/hw/arm/xlnx-versal.c
@@ -165,6 +165,7 @@ static void versal_create_gems(Versal *s, qemu_irq *pic)
 qemu_check_nic_model(nd, "cadence_gem");
 qdev_set_nic_properties(dev, nd);
 }
+object_property_set_int(OBJECT(dev), "phy-addr", 23, _abort);
 object_property_set_int(OBJECT(dev), "num-priority-queues", 2,
 _abort);
 object_property_set_link(OBJECT(dev), "dma", OBJECT(>mr_ps),
diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index c435b9d..7885bb1 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -460,6 +460,8 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
**errp)
 }
 object_property_set_int(OBJECT(>gem[i]), "revision", GEM_REVISION,
 _abort);
+object_property_set_int(OBJECT(>gem[i]), "phy-addr", 23,
+_abort);
 object_property_set_int(OBJECT(>gem[i]), "num-priority-queues", 2,
 _abort);
 if (!sysbus_realize(SYS_BUS_DEVICE(>gem[i]), errp)) {
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index d80096b..7a53469 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -250,7 +250,7 @@
 #define GEM_PHYMNTNC_REG_SHIFT 18
 
 /* Marvell PHY definitions */
-#define BOARD_PHY_ADDRESS23 /* PHY address we will emulate a device at */
+#define BOARD_PHY_ADDRESS0 /* PHY address we will emulate a device at */
 
 #define PHY_REG_CONTROL  0
 #define PHY_REG_STATUS   1
@@ -1446,7 +1446,7 @@ static uint64_t gem_read(void *opaque, hwaddr offset, 
unsigned size)
 uint32_t phy_addr, reg_num;
 
 phy_addr = (retval & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
-if (phy_addr == s->phy_addr || phy_addr == 0) {
+if (phy_addr == s->phy_addr) {
 reg_num = (retval & GEM_PHYMNTNC_REG) >> 
GEM_PHYMNTNC_REG_SHIFT;
 retval &= 0x;
 retval |= gem_phy_read(s, reg_num);
@@ -1569,7 +1569,7 @@ static void gem_write(void *opaque, hwaddr offset, 
uint64_t val,
 uint32_t phy_addr, reg_num;
 
 phy_addr = (val & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
-if (phy_addr == s->phy_addr || phy_addr == 0) {
+if (phy_addr == s->phy_addr) {
 reg_num = (val & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT;
 gem_phy_write(s, reg_num, val);
 }
-- 
2.7.4

[PATCH v3 10/16] hw/riscv: microchip_pfsoc: Connect a DMA controller

[Bin Meng]

From: Bin Meng 

On the Icicle Kit board, the HSS firmware utilizes the on-chip DMA
controller to move the 2nd stage bootloader in the system memory.
Let's connect a DMA controller to Microchip PolarFire SoC.

Signed-off-by: Bin Meng 

---

(no changes since v2)

Changes in v2:
- connect 8 IRQs to the PLIC

 include/hw/riscv/microchip_pfsoc.h | 11 +++
 hw/riscv/microchip_pfsoc.c | 15 +++
 hw/riscv/Kconfig   |  1 +
 3 files changed, 27 insertions(+)

diff --git a/include/hw/riscv/microchip_pfsoc.h 
b/include/hw/riscv/microchip_pfsoc.h
index d810ee8..63e7860 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -23,6 +23,7 @@
 #define HW_MICROCHIP_PFSOC_H
 
 #include "hw/char/mchp_pfsoc_mmuart.h"
+#include "hw/dma/sifive_pdma.h"
 #include "hw/sd/cadence_sdhci.h"
 
 typedef struct MicrochipPFSoCState {
@@ -40,6 +41,7 @@ typedef struct MicrochipPFSoCState {
 MchpPfSoCMMUartState *serial2;
 MchpPfSoCMMUartState *serial3;
 MchpPfSoCMMUartState *serial4;
+SiFivePDMAState dma;
 CadenceSDHCIState sdhci;
 } MicrochipPFSoCState;
 
@@ -71,6 +73,7 @@ enum {
 MICROCHIP_PFSOC_BUSERR_UNIT4,
 MICROCHIP_PFSOC_CLINT,
 MICROCHIP_PFSOC_L2CC,
+MICROCHIP_PFSOC_DMA,
 MICROCHIP_PFSOC_L2LIM,
 MICROCHIP_PFSOC_PLIC,
 MICROCHIP_PFSOC_MMUART0,
@@ -88,6 +91,14 @@ enum {
 };
 
 enum {
+MICROCHIP_PFSOC_DMA_IRQ0 = 5,
+MICROCHIP_PFSOC_DMA_IRQ1 = 6,
+MICROCHIP_PFSOC_DMA_IRQ2 = 7,
+MICROCHIP_PFSOC_DMA_IRQ3 = 8,
+MICROCHIP_PFSOC_DMA_IRQ4 = 9,
+MICROCHIP_PFSOC_DMA_IRQ5 = 10,
+MICROCHIP_PFSOC_DMA_IRQ6 = 11,
+MICROCHIP_PFSOC_DMA_IRQ7 = 12,
 MICROCHIP_PFSOC_EMMC_SD_IRQ = 88,
 MICROCHIP_PFSOC_MMUART0_IRQ = 90,
 MICROCHIP_PFSOC_MMUART1_IRQ = 91,
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index 0b2e9ca..d8ec973 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -13,6 +13,7 @@
  * 2) eNVM (Embedded Non-Volatile Memory)
  * 3) MMUARTs (Multi-Mode UART)
  * 4) Cadence eMMC/SDHC controller and an SD card connected to it
+ * 5) SiFive Platform DMA (Direct Memory Access Controller)
  *
  * This board currently generates devicetree dynamically that indicates at 
least
  * two harts and up to five harts.
@@ -71,6 +72,7 @@ static const struct MemmapEntry {
 [MICROCHIP_PFSOC_BUSERR_UNIT4] ={  0x1704000, 0x1000 },
 [MICROCHIP_PFSOC_CLINT] =   {  0x200,0x1 },
 [MICROCHIP_PFSOC_L2CC] ={  0x201, 0x1000 },
+[MICROCHIP_PFSOC_DMA] = {  0x300,   0x10 },
 [MICROCHIP_PFSOC_L2LIM] =   {  0x800,  0x200 },
 [MICROCHIP_PFSOC_PLIC] ={  0xc00,  0x400 },
 [MICROCHIP_PFSOC_MMUART0] = { 0x2000, 0x1000 },
@@ -114,6 +116,9 @@ static void microchip_pfsoc_soc_instance_init(Object *obj)
  TYPE_RISCV_CPU_SIFIVE_U54);
 qdev_prop_set_uint64(DEVICE(>u_cpus), "resetvec", RESET_VECTOR);
 
+object_initialize_child(obj, "dma-controller", >dma,
+TYPE_SIFIVE_PDMA);
+
 object_initialize_child(obj, "sd-controller", >sdhci,
 TYPE_CADENCE_SDHCI);
 }
@@ -218,6 +223,16 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 memmap[MICROCHIP_PFSOC_PLIC].size);
 g_free(plic_hart_config);
 
+/* DMA */
+sysbus_realize(SYS_BUS_DEVICE(>dma), errp);
+sysbus_mmio_map(SYS_BUS_DEVICE(>dma), 0,
+memmap[MICROCHIP_PFSOC_DMA].base);
+for (i = 0; i < SIFIVE_PDMA_IRQS; i++) {
+sysbus_connect_irq(SYS_BUS_DEVICE(>dma), i,
+   qdev_get_gpio_in(DEVICE(s->plic),
+MICROCHIP_PFSOC_DMA_IRQ0 + i));
+}
+
 /* SYSREG */
 create_unimplemented_device("microchip.pfsoc.sysreg",
 memmap[MICROCHIP_PFSOC_SYSREG].base,
diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig
index 7412db9..9032cb0 100644
--- a/hw/riscv/Kconfig
+++ b/hw/riscv/Kconfig
@@ -55,4 +55,5 @@ config MICROCHIP_PFSOC
 select SIFIVE
 select UNIMP
 select MCHP_PFSOC_MMUART
+select SIFIVE_PDMA
 select CADENCE_SDHCI
-- 
2.7.4

[PATCH v3 09/16] hw/dma: Add SiFive platform DMA controller emulation

[Bin Meng]

From: Bin Meng 

Microchip PolarFire SoC integrates a DMA engine that supports:
* Independent concurrent DMA transfers using 4 DMA channels
* Generation of interrupts on various conditions during execution
which is actually an IP reused from the SiFive FU540 chip.

This creates a model to support both polling and interrupt modes.

Signed-off-by: Bin Meng 

---

Changes in v3:
- change MCHP_PFSOC_DMA to SIFIVE_PDMA

Changes in v2:
- change to update hw/dma/meson.build
- rename the file names to sifive_pdma.[c|h]
- update irq number to 8 per the SiFive FU540 manual
- fix the register offset for channel 1/2/3 in the read/write ops

 include/hw/dma/sifive_pdma.h |  57 
 hw/dma/sifive_pdma.c | 313 +++
 hw/dma/Kconfig   |   3 +
 hw/dma/meson.build   |   1 +
 4 files changed, 374 insertions(+)
 create mode 100644 include/hw/dma/sifive_pdma.h
 create mode 100644 hw/dma/sifive_pdma.c

diff --git a/include/hw/dma/sifive_pdma.h b/include/hw/dma/sifive_pdma.h
new file mode 100644
index 000..e319bbd
--- /dev/null
+++ b/include/hw/dma/sifive_pdma.h
@@ -0,0 +1,57 @@
+/*
+ * SiFive Platform DMA emulation
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#ifndef SIFIVE_PDMA_H
+#define SIFIVE_PDMA_H
+
+struct sifive_pdma_chan {
+uint32_t control;
+uint32_t next_config;
+uint64_t next_bytes;
+uint64_t next_dst;
+uint64_t next_src;
+uint32_t exec_config;
+uint64_t exec_bytes;
+uint64_t exec_dst;
+uint64_t exec_src;
+int state;
+};
+
+#define SIFIVE_PDMA_CHANS   4
+#define SIFIVE_PDMA_IRQS(SIFIVE_PDMA_CHANS * 2)
+#define SIFIVE_PDMA_REG_SIZE0x10
+#define SIFIVE_PDMA_CHAN_NO(reg)((reg & (SIFIVE_PDMA_REG_SIZE - 1)) >> 12)
+
+typedef struct SiFivePDMAState {
+SysBusDevice parent;
+MemoryRegion iomem;
+qemu_irq irq[SIFIVE_PDMA_IRQS];
+
+struct sifive_pdma_chan chan[SIFIVE_PDMA_CHANS];
+} SiFivePDMAState;
+
+#define TYPE_SIFIVE_PDMA"sifive.pdma"
+
+#define SIFIVE_PDMA(obj)\
+OBJECT_CHECK(SiFivePDMAState, (obj), TYPE_SIFIVE_PDMA)
+
+#endif /* SIFIVE_PDMA_H */
diff --git a/hw/dma/sifive_pdma.c b/hw/dma/sifive_pdma.c
new file mode 100644
index 000..e1f6fed
--- /dev/null
+++ b/hw/dma/sifive_pdma.c
@@ -0,0 +1,313 @@
+/*
+ * SiFive Platform DMA emulation
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/qdev-properties.h"
+#include "hw/sysbus.h"
+#include "migration/vmstate.h"
+#include "sysemu/dma.h"
+#include "hw/dma/sifive_pdma.h"
+
+#define DMA_CONTROL 0x000
+#define   CONTROL_CLAIM BIT(0)
+#define   CONTROL_RUN   BIT(1)
+#define   CONTROL_DONE_IE   BIT(14)
+#define   CONTROL_ERR_IEBIT(15)
+#define   CONTROL_DONE  BIT(30)
+#define   CONTROL_ERR   BIT(31)
+
+#define DMA_NEXT_CONFIG 0x004
+#define   CONFIG_REPEAT BIT(2)
+#define   CONFIG_ORDER  BIT(3)
+#define   CONFIG_WRSZ_SHIFT 24
+#define   CONFIG_RDSZ_SHIFT 28
+#define   CONFIG_SZ_MASK0xf
+
+#define DMA_NEXT_BYTES  0x008
+#define DMA_NEXT_DST0x010
+#define DMA_NEXT_SRC0x018
+#define DMA_EXEC_CONFIG 0x104
+#define DMA_EXEC_BYTES  0x108
+#define DMA_EXEC_DST0x110
+#define DMA_EXEC_SRC0x118
+
+enum dma_chan_state {
+DMA_CHAN_STATE_IDLE,
+DMA_CHAN_STATE_STARTED,
+DMA_CHAN_STATE_ERROR,
+DMA_CHAN_STATE_DONE
+};
+
+static void sifive_pdma_run(SiFivePDMAState *s, int ch)
+{
+uint64_t 

[PATCH v3 08/16] hw/riscv: microchip_pfsoc: Connect a Cadence SDHCI controller and an SD card

[Bin Meng]

From: Bin Meng 

Microchip PolarFire SoC integrates one Cadence SDHCI controller.
On the Icicle Kit board, one eMMC chip and an external SD card
connect to this controller depending on different configuration.

As QEMU does not support eMMC yet, we just emulate the SD card
configuration. To test this, the Hart Software Services (HSS)
should choose the SD card configuration:

$ cp boards/icicle-kit-es/def_config.sdcard .config
$ make BOARD=icicle-kit-es

The SD card image can be built from the Yocto BSP at:
https://github.com/polarfire-soc/meta-polarfire-soc-yocto-bsp

Note the generated SD card image should be resized before use:
$ qemu-img resize /path/to/sdcard.img 4G

Launch QEMU with the following command:
$ qemu-system-riscv64 -nographic -M microchip-icicle-kit -sd sdcard.img

Signed-off-by: Bin Meng 

---

(no changes since v2)

Changes in v2:
- do not initialize TYPE_SYSBUS_SDHCI in the SoC instance_init(),
  instead move that to the cadence_sdhci model
- do not access generic-sdhci's state directly,
  instead move that to the cadence_sdhci model

 include/hw/riscv/microchip_pfsoc.h |  4 
 hw/riscv/microchip_pfsoc.c | 23 +++
 hw/riscv/Kconfig   |  1 +
 3 files changed, 28 insertions(+)

diff --git a/include/hw/riscv/microchip_pfsoc.h 
b/include/hw/riscv/microchip_pfsoc.h
index a5efa1d..d810ee8 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -23,6 +23,7 @@
 #define HW_MICROCHIP_PFSOC_H
 
 #include "hw/char/mchp_pfsoc_mmuart.h"
+#include "hw/sd/cadence_sdhci.h"
 
 typedef struct MicrochipPFSoCState {
 /*< private >*/
@@ -39,6 +40,7 @@ typedef struct MicrochipPFSoCState {
 MchpPfSoCMMUartState *serial2;
 MchpPfSoCMMUartState *serial3;
 MchpPfSoCMMUartState *serial4;
+CadenceSDHCIState sdhci;
 } MicrochipPFSoCState;
 
 #define TYPE_MICROCHIP_PFSOC"microchip.pfsoc"
@@ -74,6 +76,7 @@ enum {
 MICROCHIP_PFSOC_MMUART0,
 MICROCHIP_PFSOC_SYSREG,
 MICROCHIP_PFSOC_MPUCFG,
+MICROCHIP_PFSOC_EMMC_SD,
 MICROCHIP_PFSOC_MMUART1,
 MICROCHIP_PFSOC_MMUART2,
 MICROCHIP_PFSOC_MMUART3,
@@ -85,6 +88,7 @@ enum {
 };
 
 enum {
+MICROCHIP_PFSOC_EMMC_SD_IRQ = 88,
 MICROCHIP_PFSOC_MMUART0_IRQ = 90,
 MICROCHIP_PFSOC_MMUART1_IRQ = 91,
 MICROCHIP_PFSOC_MMUART2_IRQ = 92,
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index cee959a..0b2e9ca 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -12,6 +12,7 @@
  * 1) PLIC (Platform Level Interrupt Controller)
  * 2) eNVM (Embedded Non-Volatile Memory)
  * 3) MMUARTs (Multi-Mode UART)
+ * 4) Cadence eMMC/SDHC controller and an SD card connected to it
  *
  * This board currently generates devicetree dynamically that indicates at 
least
  * two harts and up to five harts.
@@ -75,6 +76,7 @@ static const struct MemmapEntry {
 [MICROCHIP_PFSOC_MMUART0] = { 0x2000, 0x1000 },
 [MICROCHIP_PFSOC_SYSREG] =  { 0x20002000, 0x2000 },
 [MICROCHIP_PFSOC_MPUCFG] =  { 0x20005000, 0x1000 },
+[MICROCHIP_PFSOC_EMMC_SD] = { 0x20008000, 0x1000 },
 [MICROCHIP_PFSOC_MMUART1] = { 0x2010, 0x1000 },
 [MICROCHIP_PFSOC_MMUART2] = { 0x20102000, 0x1000 },
 [MICROCHIP_PFSOC_MMUART3] = { 0x20104000, 0x1000 },
@@ -111,6 +113,9 @@ static void microchip_pfsoc_soc_instance_init(Object *obj)
 qdev_prop_set_string(DEVICE(>u_cpus), "cpu-type",
  TYPE_RISCV_CPU_SIFIVE_U54);
 qdev_prop_set_uint64(DEVICE(>u_cpus), "resetvec", RESET_VECTOR);
+
+object_initialize_child(obj, "sd-controller", >sdhci,
+TYPE_CADENCE_SDHCI);
 }
 
 static void microchip_pfsoc_soc_realize(DeviceState *dev, Error **errp)
@@ -223,6 +228,13 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 memmap[MICROCHIP_PFSOC_MPUCFG].base,
 memmap[MICROCHIP_PFSOC_MPUCFG].size);
 
+/* SDHCI */
+sysbus_realize(SYS_BUS_DEVICE(>sdhci), errp);
+sysbus_mmio_map(SYS_BUS_DEVICE(>sdhci), 0,
+memmap[MICROCHIP_PFSOC_EMMC_SD].base);
+sysbus_connect_irq(SYS_BUS_DEVICE(>sdhci), 0,
+qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_EMMC_SD_IRQ));
+
 /* MMUARTs */
 s->serial0 = mchp_pfsoc_mmuart_create(system_memory,
 memmap[MICROCHIP_PFSOC_MMUART0].base,
@@ -290,6 +302,7 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
 MicrochipIcicleKitState *s = MICROCHIP_ICICLE_KIT_MACHINE(machine);
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *main_mem = g_new(MemoryRegion, 1);
+DriveInfo *dinfo = drive_get_next(IF_SD);
 
 /* Sanity check on RAM size */
 if (machine->ram_size < mc->default_ram_size) {
@@ -312,6 +325,16 @@ static void microchip_icicle_kit_machine_init(MachineState 
*machine)
 
 /* Load the firmware */
 

[PATCH v3 16/16] hw/riscv: sifive_u: Connect a DMA controller

[Bin Meng]

From: Bin Meng 

SiFive FU540 SoC integrates a platform DMA controller with 4 DMA
channels. This connects the exsiting SiFive PDMA model to the SoC,
and adds its device tree data as well.

Signed-off-by: Bin Meng 
---

(no changes since v1)

 include/hw/riscv/sifive_u.h | 11 +++
 hw/riscv/sifive_u.c | 30 ++
 hw/riscv/Kconfig|  1 +
 3 files changed, 42 insertions(+)

diff --git a/include/hw/riscv/sifive_u.h b/include/hw/riscv/sifive_u.h
index d3c0c00..793000a 100644
--- a/include/hw/riscv/sifive_u.h
+++ b/include/hw/riscv/sifive_u.h
@@ -19,6 +19,7 @@
 #ifndef HW_SIFIVE_U_H
 #define HW_SIFIVE_U_H
 
+#include "hw/dma/sifive_pdma.h"
 #include "hw/net/cadence_gem.h"
 #include "hw/riscv/riscv_hart.h"
 #include "hw/riscv/sifive_cpu.h"
@@ -43,6 +44,7 @@ typedef struct SiFiveUSoCState {
 SiFiveUPRCIState prci;
 SIFIVEGPIOState gpio;
 SiFiveUOTPState otp;
+SiFivePDMAState dma;
 CadenceGEMState gem;
 
 uint32_t serial;
@@ -72,6 +74,7 @@ enum {
 SIFIVE_U_MROM,
 SIFIVE_U_CLINT,
 SIFIVE_U_L2CC,
+SIFIVE_U_PDMA,
 SIFIVE_U_L2LIM,
 SIFIVE_U_PLIC,
 SIFIVE_U_PRCI,
@@ -108,6 +111,14 @@ enum {
 SIFIVE_U_GPIO_IRQ13 = 20,
 SIFIVE_U_GPIO_IRQ14 = 21,
 SIFIVE_U_GPIO_IRQ15 = 22,
+SIFIVE_U_PDMA_IRQ0 = 23,
+SIFIVE_U_PDMA_IRQ1 = 24,
+SIFIVE_U_PDMA_IRQ2 = 25,
+SIFIVE_U_PDMA_IRQ3 = 26,
+SIFIVE_U_PDMA_IRQ4 = 27,
+SIFIVE_U_PDMA_IRQ5 = 28,
+SIFIVE_U_PDMA_IRQ6 = 29,
+SIFIVE_U_PDMA_IRQ7 = 30,
 SIFIVE_U_GEM_IRQ = 0x35
 };
 
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 2bc3992..7997537 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -14,6 +14,7 @@
  * 4) GPIO (General Purpose Input/Output Controller)
  * 5) OTP (One-Time Programmable) memory with stored serial number
  * 6) GEM (Gigabit Ethernet Controller) and management block
+ * 7) DMA (Direct Memory Access Controller)
  *
  * This board currently generates devicetree dynamically that indicates at 
least
  * two harts and up to five harts.
@@ -73,6 +74,7 @@ static const struct MemmapEntry {
 [SIFIVE_U_MROM] = { 0x1000, 0xf000 },
 [SIFIVE_U_CLINT] ={  0x200,0x1 },
 [SIFIVE_U_L2CC] = {  0x201, 0x1000 },
+[SIFIVE_U_PDMA] = {  0x300,   0x10 },
 [SIFIVE_U_L2LIM] ={  0x800,  0x200 },
 [SIFIVE_U_PLIC] = {  0xc00,  0x400 },
 [SIFIVE_U_PRCI] = { 0x1000, 0x1000 },
@@ -303,6 +305,22 @@ static void create_fdt(SiFiveUState *s, const struct 
MemmapEntry *memmap,
 qemu_fdt_setprop_string(fdt, nodename, "compatible", "gpio-restart");
 g_free(nodename);
 
+nodename = g_strdup_printf("/soc/dma@%lx",
+(long)memmap[SIFIVE_U_PDMA].base);
+qemu_fdt_add_subnode(fdt, nodename);
+qemu_fdt_setprop_cell(fdt, nodename, "#dma-cells", 1);
+qemu_fdt_setprop_cells(fdt, nodename, "interrupts",
+SIFIVE_U_PDMA_IRQ0, SIFIVE_U_PDMA_IRQ1, SIFIVE_U_PDMA_IRQ2,
+SIFIVE_U_PDMA_IRQ3, SIFIVE_U_PDMA_IRQ4, SIFIVE_U_PDMA_IRQ5,
+SIFIVE_U_PDMA_IRQ6, SIFIVE_U_PDMA_IRQ7);
+qemu_fdt_setprop_cell(fdt, nodename, "interrupt-parent", plic_phandle);
+qemu_fdt_setprop_cells(fdt, nodename, "reg",
+0x0, memmap[SIFIVE_U_PDMA].base,
+0x0, memmap[SIFIVE_U_PDMA].size);
+qemu_fdt_setprop_string(fdt, nodename, "compatible",
+"sifive,fu540-c000-pdma");
+g_free(nodename);
+
 nodename = g_strdup_printf("/soc/cache-controller@%lx",
 (long)memmap[SIFIVE_U_L2CC].base);
 qemu_fdt_add_subnode(fdt, nodename);
@@ -627,6 +645,7 @@ static void sifive_u_soc_instance_init(Object *obj)
 object_initialize_child(obj, "otp", >otp, TYPE_SIFIVE_U_OTP);
 object_initialize_child(obj, "gem", >gem, TYPE_CADENCE_GEM);
 object_initialize_child(obj, "gpio", >gpio, TYPE_SIFIVE_GPIO);
+object_initialize_child(obj, "pdma", >dma, TYPE_SIFIVE_PDMA);
 }
 
 static void sifive_u_soc_realize(DeviceState *dev, Error **errp)
@@ -730,6 +749,17 @@ static void sifive_u_soc_realize(DeviceState *dev, Error 
**errp)
 SIFIVE_U_GPIO_IRQ0 + i));
 }
 
+/* PDMA */
+sysbus_realize(SYS_BUS_DEVICE(>dma), errp);
+sysbus_mmio_map(SYS_BUS_DEVICE(>dma), 0, memmap[SIFIVE_U_PDMA].base);
+
+/* Connect PDMA interrupts to the PLIC */
+for (i = 0; i < SIFIVE_PDMA_IRQS; i++) {
+sysbus_connect_irq(SYS_BUS_DEVICE(>dma), i,
+   qdev_get_gpio_in(DEVICE(s->plic),
+SIFIVE_U_PDMA_IRQ0 + i));
+}
+
 qdev_prop_set_uint32(DEVICE(>otp), "serial", s->serial);
 if (!sysbus_realize(SYS_BUS_DEVICE(>otp), errp)) {
 return;
diff --git a/hw/riscv/Kconfig b/hw/riscv/Kconfig
index 9032cb0..e53ab1e 100644
--- a/hw/riscv/Kconfig
+++ b/hw/riscv/Kconfig
@@ -22,6 +22,7 @@ config SIFIVE_U
 select CADENCE
 select HART
 select 

[PATCH v3 07/16] hw/sd: Add Cadence SDHCI emulation

[Bin Meng]

From: Bin Meng 

Cadence SD/SDIO/eMMC Host Controller (SD4HC) is an SDHCI compatible
controller. The SDHCI compatible registers start from offset 0x200,
which are called Slot Register Set (SRS) in its datasheet.

This creates a Cadence SDHCI model built on top of the existing
generic SDHCI model. Cadence specific Host Register Set (HRS) is
implemented to make guest software happy.

Signed-off-by: Bin Meng 
Acked-by: Philippe Mathieu-Daudé 

---

(no changes since v2)

Changes in v2:
- change to update hw/sd/meson.build
- change the name to "generic-sdhci" when calling object_initialize_child()
- add a container MR to simplify out-of-bounds access checks

 include/hw/sd/cadence_sdhci.h |  47 ++
 hw/sd/cadence_sdhci.c | 193 ++
 hw/sd/Kconfig |   4 +
 hw/sd/meson.build |   1 +
 4 files changed, 245 insertions(+)
 create mode 100644 include/hw/sd/cadence_sdhci.h
 create mode 100644 hw/sd/cadence_sdhci.c

diff --git a/include/hw/sd/cadence_sdhci.h b/include/hw/sd/cadence_sdhci.h
new file mode 100644
index 000..cd8288b
--- /dev/null
+++ b/include/hw/sd/cadence_sdhci.h
@@ -0,0 +1,47 @@
+/*
+ * Cadence SDHCI emulation
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#ifndef CADENCE_SDHCI_H
+#define CADENCE_SDHCI_H
+
+#include "hw/sd/sdhci.h"
+
+#define CADENCE_SDHCI_REG_SIZE  0x100
+#define CADENCE_SDHCI_NUM_REGS  (CADENCE_SDHCI_REG_SIZE / sizeof(uint32_t))
+
+typedef struct CadenceSDHCIState {
+SysBusDevice parent;
+
+MemoryRegion container;
+MemoryRegion iomem;
+BusState *bus;
+
+uint32_t regs[CADENCE_SDHCI_NUM_REGS];
+
+SDHCIState sdhci;
+} CadenceSDHCIState;
+
+#define TYPE_CADENCE_SDHCI  "cadence.sdhci"
+#define CADENCE_SDHCI(obj)  OBJECT_CHECK(CadenceSDHCIState, (obj), \
+ TYPE_CADENCE_SDHCI)
+
+#endif /* CADENCE_SDHCI_H */
diff --git a/hw/sd/cadence_sdhci.c b/hw/sd/cadence_sdhci.c
new file mode 100644
index 000..0b371c8
--- /dev/null
+++ b/hw/sd/cadence_sdhci.c
@@ -0,0 +1,193 @@
+/*
+ * Cadence SDHCI emulation
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/bitops.h"
+#include "qemu/error-report.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "migration/vmstate.h"
+#include "hw/irq.h"
+#include "hw/sd/cadence_sdhci.h"
+#include "sdhci-internal.h"
+
+/* HRS - Host Register Set (specific to Cadence) */
+
+#define CADENCE_SDHCI_HRS00 0x00/* general information */
+#define CADENCE_SDHCI_HRS00_SWR BIT(0)
+#define CADENCE_SDHCI_HRS00_POR_VAL 0x0001
+
+#define CADENCE_SDHCI_HRS04 0x10/* PHY access port */
+#define CADENCE_SDHCI_HRS04_WR  BIT(24)
+#define CADENCE_SDHCI_HRS04_RD  BIT(25)
+#define CADENCE_SDHCI_HRS04_ACK BIT(26)
+
+#define CADENCE_SDHCI_HRS06 0x18/* eMMC control */
+#define CADENCE_SDHCI_HRS06_TUNE_UP BIT(15)
+
+/* SRS - Slot Register Set (SDHCI-compatible) */
+
+#define CADENCE_SDHCI_SRS_BASE  0x200
+
+#define TO_REG(addr)((addr) / sizeof(uint32_t))
+
+static void cadence_sdhci_instance_init(Object *obj)
+{
+CadenceSDHCIState *s = CADENCE_SDHCI(obj);
+
+object_initialize_child(OBJECT(s), "generic-sdhci",
+>sdhci, TYPE_SYSBUS_SDHCI);
+}
+
+static void cadence_sdhci_reset(DeviceState *dev)
+{
+CadenceSDHCIState *s = CADENCE_SDHCI(dev);
+
+memset(s->regs, 0, CADENCE_SDHCI_REG_SIZE);
+s->regs[TO_REG(CADENCE_SDHCI_HRS00)] = CADENCE_SDHCI_HRS00_POR_VAL;
+
+

[PATCH v3 06/16] hw/riscv: microchip_pfsoc: Connect 5 MMUARTs

[Bin Meng]

From: Bin Meng 

Microchip PolarFire SoC has 5 MMUARTs, and the Icicle Kit board
wires 4 of them out. Let's connect all 5 MMUARTs.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 include/hw/riscv/microchip_pfsoc.h | 20 
 hw/riscv/microchip_pfsoc.c | 30 ++
 hw/riscv/Kconfig   |  1 +
 3 files changed, 51 insertions(+)

diff --git a/include/hw/riscv/microchip_pfsoc.h 
b/include/hw/riscv/microchip_pfsoc.h
index 1953ef1..a5efa1d 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -22,6 +22,8 @@
 #ifndef HW_MICROCHIP_PFSOC_H
 #define HW_MICROCHIP_PFSOC_H
 
+#include "hw/char/mchp_pfsoc_mmuart.h"
+
 typedef struct MicrochipPFSoCState {
 /*< private >*/
 DeviceState parent_obj;
@@ -32,6 +34,11 @@ typedef struct MicrochipPFSoCState {
 RISCVHartArrayState e_cpus;
 RISCVHartArrayState u_cpus;
 DeviceState *plic;
+MchpPfSoCMMUartState *serial0;
+MchpPfSoCMMUartState *serial1;
+MchpPfSoCMMUartState *serial2;
+MchpPfSoCMMUartState *serial3;
+MchpPfSoCMMUartState *serial4;
 } MicrochipPFSoCState;
 
 #define TYPE_MICROCHIP_PFSOC"microchip.pfsoc"
@@ -64,14 +71,27 @@ enum {
 MICROCHIP_PFSOC_L2CC,
 MICROCHIP_PFSOC_L2LIM,
 MICROCHIP_PFSOC_PLIC,
+MICROCHIP_PFSOC_MMUART0,
 MICROCHIP_PFSOC_SYSREG,
 MICROCHIP_PFSOC_MPUCFG,
+MICROCHIP_PFSOC_MMUART1,
+MICROCHIP_PFSOC_MMUART2,
+MICROCHIP_PFSOC_MMUART3,
+MICROCHIP_PFSOC_MMUART4,
 MICROCHIP_PFSOC_ENVM_CFG,
 MICROCHIP_PFSOC_ENVM_DATA,
 MICROCHIP_PFSOC_IOSCB_CFG,
 MICROCHIP_PFSOC_DRAM,
 };
 
+enum {
+MICROCHIP_PFSOC_MMUART0_IRQ = 90,
+MICROCHIP_PFSOC_MMUART1_IRQ = 91,
+MICROCHIP_PFSOC_MMUART2_IRQ = 92,
+MICROCHIP_PFSOC_MMUART3_IRQ = 93,
+MICROCHIP_PFSOC_MMUART4_IRQ = 94,
+};
+
 #define MICROCHIP_PFSOC_MANAGEMENT_CPU_COUNT1
 #define MICROCHIP_PFSOC_COMPUTE_CPU_COUNT   4
 
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index d946b2a..cee959a 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -11,6 +11,7 @@
  * 0) CLINT (Core Level Interruptor)
  * 1) PLIC (Platform Level Interrupt Controller)
  * 2) eNVM (Embedded Non-Volatile Memory)
+ * 3) MMUARTs (Multi-Mode UART)
  *
  * This board currently generates devicetree dynamically that indicates at 
least
  * two harts and up to five harts.
@@ -38,6 +39,7 @@
 #include "hw/irq.h"
 #include "hw/loader.h"
 #include "hw/sysbus.h"
+#include "chardev/char.h"
 #include "hw/cpu/cluster.h"
 #include "target/riscv/cpu.h"
 #include "hw/misc/unimp.h"
@@ -46,6 +48,7 @@
 #include "hw/riscv/sifive_clint.h"
 #include "hw/riscv/sifive_plic.h"
 #include "hw/riscv/microchip_pfsoc.h"
+#include "sysemu/sysemu.h"
 
 /*
  * The BIOS image used by this machine is called Hart Software Services (HSS).
@@ -69,8 +72,13 @@ static const struct MemmapEntry {
 [MICROCHIP_PFSOC_L2CC] ={  0x201, 0x1000 },
 [MICROCHIP_PFSOC_L2LIM] =   {  0x800,  0x200 },
 [MICROCHIP_PFSOC_PLIC] ={  0xc00,  0x400 },
+[MICROCHIP_PFSOC_MMUART0] = { 0x2000, 0x1000 },
 [MICROCHIP_PFSOC_SYSREG] =  { 0x20002000, 0x2000 },
 [MICROCHIP_PFSOC_MPUCFG] =  { 0x20005000, 0x1000 },
+[MICROCHIP_PFSOC_MMUART1] = { 0x2010, 0x1000 },
+[MICROCHIP_PFSOC_MMUART2] = { 0x20102000, 0x1000 },
+[MICROCHIP_PFSOC_MMUART3] = { 0x20104000, 0x1000 },
+[MICROCHIP_PFSOC_MMUART4] = { 0x20106000, 0x1000 },
 [MICROCHIP_PFSOC_ENVM_CFG] ={ 0x2020, 0x1000 },
 [MICROCHIP_PFSOC_ENVM_DATA] =   { 0x2022,0x2 },
 [MICROCHIP_PFSOC_IOSCB_CFG] =   { 0x3708, 0x1000 },
@@ -215,6 +223,28 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 memmap[MICROCHIP_PFSOC_MPUCFG].base,
 memmap[MICROCHIP_PFSOC_MPUCFG].size);
 
+/* MMUARTs */
+s->serial0 = mchp_pfsoc_mmuart_create(system_memory,
+memmap[MICROCHIP_PFSOC_MMUART0].base,
+qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_MMUART0_IRQ),
+serial_hd(0));
+s->serial1 = mchp_pfsoc_mmuart_create(system_memory,
+memmap[MICROCHIP_PFSOC_MMUART1].base,
+qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_MMUART1_IRQ),
+serial_hd(1));
+s->serial2 = mchp_pfsoc_mmuart_create(system_memory,
+memmap[MICROCHIP_PFSOC_MMUART2].base,
+qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_MMUART2_IRQ),
+serial_hd(2));
+s->serial3 = mchp_pfsoc_mmuart_create(system_memory,
+memmap[MICROCHIP_PFSOC_MMUART3].base,
+qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_MMUART3_IRQ),
+serial_hd(3));
+s->serial4 = mchp_pfsoc_mmuart_create(system_memory,
+memmap[MICROCHIP_PFSOC_MMUART4].base,
+

[PATCH v3 14/16] hw/riscv: microchip_pfsoc: Hook GPIO controllers

[Bin Meng]

From: Bin Meng 

Microchip PolarFire SoC integrates 3 GPIOs controllers. It seems
enough to create unimplemented devices to cover their register
spaces at this point.

With this commit, QEMU can boot to U-Boot (2nd stage bootloader)
all the way to the Linux shell login prompt, with a modified HSS
(1st stage bootloader).

For detailed instructions on how to create images for the Icicle
Kit board, please check QEMU RISC-V WiKi page at:
https://wiki.qemu.org/Documentation/Platforms/RISCV

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 include/hw/riscv/microchip_pfsoc.h |  3 +++
 hw/riscv/microchip_pfsoc.c | 14 ++
 2 files changed, 17 insertions(+)

diff --git a/include/hw/riscv/microchip_pfsoc.h 
b/include/hw/riscv/microchip_pfsoc.h
index 6d20853..8bfc7e1 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -89,6 +89,9 @@ enum {
 MICROCHIP_PFSOC_MMUART4,
 MICROCHIP_PFSOC_GEM0,
 MICROCHIP_PFSOC_GEM1,
+MICROCHIP_PFSOC_GPIO0,
+MICROCHIP_PFSOC_GPIO1,
+MICROCHIP_PFSOC_GPIO2,
 MICROCHIP_PFSOC_ENVM_CFG,
 MICROCHIP_PFSOC_ENVM_DATA,
 MICROCHIP_PFSOC_IOSCB_CFG,
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index 7f25609..11ebdd1 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -89,6 +89,9 @@ static const struct MemmapEntry {
 [MICROCHIP_PFSOC_MMUART4] = { 0x20106000, 0x1000 },
 [MICROCHIP_PFSOC_GEM0] ={ 0x2011, 0x2000 },
 [MICROCHIP_PFSOC_GEM1] ={ 0x20112000, 0x2000 },
+[MICROCHIP_PFSOC_GPIO0] =   { 0x2012, 0x1000 },
+[MICROCHIP_PFSOC_GPIO1] =   { 0x20121000, 0x1000 },
+[MICROCHIP_PFSOC_GPIO2] =   { 0x20122000, 0x1000 },
 [MICROCHIP_PFSOC_ENVM_CFG] ={ 0x2020, 0x1000 },
 [MICROCHIP_PFSOC_ENVM_DATA] =   { 0x2022,0x2 },
 [MICROCHIP_PFSOC_IOSCB_CFG] =   { 0x3708, 0x1000 },
@@ -311,6 +314,17 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(>gem1), 0,
 qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_GEM1_IRQ));
 
+/* GPIOs */
+create_unimplemented_device("microchip.pfsoc.gpio0",
+memmap[MICROCHIP_PFSOC_GPIO0].base,
+memmap[MICROCHIP_PFSOC_GPIO0].size);
+create_unimplemented_device("microchip.pfsoc.gpio1",
+memmap[MICROCHIP_PFSOC_GPIO1].base,
+memmap[MICROCHIP_PFSOC_GPIO1].size);
+create_unimplemented_device("microchip.pfsoc.gpio2",
+memmap[MICROCHIP_PFSOC_GPIO2].base,
+memmap[MICROCHIP_PFSOC_GPIO2].size);
+
 /* eNVM */
 memory_region_init_rom(envm_data, OBJECT(dev), "microchip.pfsoc.envm.data",
memmap[MICROCHIP_PFSOC_ENVM_DATA].size,
-- 
2.7.4

[PATCH v3 03/16] target/riscv: cpu: Set reset vector based on the configured property value

[Bin Meng]

From: Bin Meng 

Now that we have the newly introduced 'resetvec' property in the
RISC-V CPU and HART, instead of hard-coding the reset vector addr
in the CPU's instance_init(), move that to riscv_cpu_realize()
based on the configured property value from the RISC-V machines.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 hw/riscv/opentitan.c | 1 +
 hw/riscv/sifive_e.c  | 1 +
 hw/riscv/sifive_u.c  | 2 ++
 target/riscv/cpu.c   | 7 ++-
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/hw/riscv/opentitan.c b/hw/riscv/opentitan.c
index 23ba3b4..0531bd8 100644
--- a/hw/riscv/opentitan.c
+++ b/hw/riscv/opentitan.c
@@ -111,6 +111,7 @@ static void lowrisc_ibex_soc_realize(DeviceState *dev_soc, 
Error **errp)
 _abort);
 object_property_set_int(OBJECT(>cpus), "num-harts", ms->smp.cpus,
 _abort);
+object_property_set_int(OBJECT(>cpus), "resetvec", 0x8090, 
_abort);
 sysbus_realize(SYS_BUS_DEVICE(>cpus), _abort);
 
 /* Boot ROM */
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index ca55cc4..cd7560d 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -177,6 +177,7 @@ static void sifive_e_soc_init(Object *obj)
 object_initialize_child(obj, "cpus", >cpus, TYPE_RISCV_HART_ARRAY);
 object_property_set_int(OBJECT(>cpus), "num-harts", ms->smp.cpus,
 _abort);
+object_property_set_int(OBJECT(>cpus), "resetvec", 0x1004, 
_abort);
 object_initialize_child(obj, "riscv.sifive.e.gpio0", >gpio,
 TYPE_SIFIVE_GPIO);
 }
diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index a48046c..404d5e6 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -611,6 +611,7 @@ static void sifive_u_soc_instance_init(Object *obj)
 qdev_prop_set_uint32(DEVICE(>e_cpus), "num-harts", 1);
 qdev_prop_set_uint32(DEVICE(>e_cpus), "hartid-base", 0);
 qdev_prop_set_string(DEVICE(>e_cpus), "cpu-type", SIFIVE_E_CPU);
+qdev_prop_set_uint64(DEVICE(>e_cpus), "resetvec", 0x1004);
 
 object_initialize_child(obj, "u-cluster", >u_cluster, TYPE_CPU_CLUSTER);
 qdev_prop_set_uint32(DEVICE(>u_cluster), "cluster-id", 1);
@@ -620,6 +621,7 @@ static void sifive_u_soc_instance_init(Object *obj)
 qdev_prop_set_uint32(DEVICE(>u_cpus), "num-harts", ms->smp.cpus - 1);
 qdev_prop_set_uint32(DEVICE(>u_cpus), "hartid-base", 1);
 qdev_prop_set_string(DEVICE(>u_cpus), "cpu-type", SIFIVE_U_CPU);
+qdev_prop_set_uint64(DEVICE(>u_cpus), "resetvec", 0x1004);
 
 object_initialize_child(obj, "prci", >prci, TYPE_SIFIVE_U_PRCI);
 object_initialize_child(obj, "otp", >otp, TYPE_SIFIVE_U_OTP);
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 8067a26..bd41286 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -128,7 +128,6 @@ static void riscv_any_cpu_init(Object *obj)
 CPURISCVState *env = _CPU(obj)->env;
 set_misa(env, RVXLEN | RVI | RVM | RVA | RVF | RVD | RVC | RVU);
 set_priv_version(env, PRIV_VERSION_1_11_0);
-set_resetvec(env, DEFAULT_RSTVEC);
 }
 
 static void riscv_base_cpu_init(Object *obj)
@@ -136,7 +135,6 @@ static void riscv_base_cpu_init(Object *obj)
 CPURISCVState *env = _CPU(obj)->env;
 /* We set this in the realise function */
 set_misa(env, 0);
-set_resetvec(env, DEFAULT_RSTVEC);
 }
 
 static void rvxx_sifive_u_cpu_init(Object *obj)
@@ -144,7 +142,6 @@ static void rvxx_sifive_u_cpu_init(Object *obj)
 CPURISCVState *env = _CPU(obj)->env;
 set_misa(env, RVXLEN | RVI | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
 set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, 0x1004);
 }
 
 static void rvxx_sifive_e_cpu_init(Object *obj)
@@ -152,7 +149,6 @@ static void rvxx_sifive_e_cpu_init(Object *obj)
 CPURISCVState *env = _CPU(obj)->env;
 set_misa(env, RVXLEN | RVI | RVM | RVA | RVC | RVU);
 set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, 0x1004);
 qdev_prop_set_bit(DEVICE(obj), "mmu", false);
 }
 
@@ -163,7 +159,6 @@ static void rv32_ibex_cpu_init(Object *obj)
 CPURISCVState *env = _CPU(obj)->env;
 set_misa(env, RV32 | RVI | RVM | RVC | RVU);
 set_priv_version(env, PRIV_VERSION_1_10_0);
-set_resetvec(env, 0x8090);
 qdev_prop_set_bit(DEVICE(obj), "mmu", false);
 }
 
@@ -373,6 +368,8 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
**errp)
 set_feature(env, RISCV_FEATURE_PMP);
 }
 
+set_resetvec(env, cpu->cfg.resetvec);
+
 /* If misa isn't set (rv32 and rv64 machines) set it here */
 if (!env->misa) {
 /* Do some ISA extension error checking */
-- 
2.7.4

[PATCH v3 05/16] hw/char: Add Microchip PolarFire SoC MMUART emulation

[Bin Meng]

From: Bin Meng 

Microchip PolarFire SoC MMUART is ns16550 compatible, with some
additional registers. Create a simple MMUART model built on top
of the existing ns16550 model.

Signed-off-by: Bin Meng 

---

(no changes since v2)

Changes in v2:
- change to update hw/char/meson.build
- add impl.min_access_size and impl.max_access_size as part of
  MemoryRegionOps and remove the allignment check

 include/hw/char/mchp_pfsoc_mmuart.h | 61 ++
 hw/char/mchp_pfsoc_mmuart.c | 86 +
 MAINTAINERS |  2 +
 hw/char/Kconfig |  3 ++
 hw/char/meson.build |  1 +
 5 files changed, 153 insertions(+)
 create mode 100644 include/hw/char/mchp_pfsoc_mmuart.h
 create mode 100644 hw/char/mchp_pfsoc_mmuart.c

diff --git a/include/hw/char/mchp_pfsoc_mmuart.h 
b/include/hw/char/mchp_pfsoc_mmuart.h
new file mode 100644
index 000..f619902
--- /dev/null
+++ b/include/hw/char/mchp_pfsoc_mmuart.h
@@ -0,0 +1,61 @@
+/*
+ * Microchip PolarFire SoC MMUART emulation
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_MCHP_PFSOC_MMUART_H
+#define HW_MCHP_PFSOC_MMUART_H
+
+#include "hw/char/serial.h"
+
+#define MCHP_PFSOC_MMUART_REG_SIZE  52
+
+typedef struct MchpPfSoCMMUartState {
+MemoryRegion iomem;
+hwaddr base;
+qemu_irq irq;
+
+SerialMM *serial;
+
+uint32_t reg[MCHP_PFSOC_MMUART_REG_SIZE / sizeof(uint32_t)];
+} MchpPfSoCMMUartState;
+
+/**
+ * mchp_pfsoc_mmuart_create - Create a Microchip PolarFire SoC MMUART
+ *
+ * This is a helper routine for board to create a MMUART device that is
+ * compatible with Microchip PolarFire SoC.
+ *
+ * @sysmem: system memory region to map
+ * @base: base address of the MMUART registers
+ * @irq: IRQ number of the MMUART device
+ * @chr: character device to associate to
+ *
+ * @return: a pointer to the device specific control structure
+ */
+MchpPfSoCMMUartState *mchp_pfsoc_mmuart_create(MemoryRegion *sysmem,
+hwaddr base, qemu_irq irq, Chardev *chr);
+
+#endif /* HW_MCHP_PFSOC_MMUART_H */
diff --git a/hw/char/mchp_pfsoc_mmuart.c b/hw/char/mchp_pfsoc_mmuart.c
new file mode 100644
index 000..8a002b0
--- /dev/null
+++ b/hw/char/mchp_pfsoc_mmuart.c
@@ -0,0 +1,86 @@
+/*
+ * Microchip PolarFire SoC MMUART emulation
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "chardev/char.h"
+#include "exec/address-spaces.h"
+#include "hw/char/mchp_pfsoc_mmuart.h"
+
+static uint64_t mchp_pfsoc_mmuart_read(void *opaque, hwaddr addr, unsigned 
size)
+{
+MchpPfSoCMMUartState *s = opaque;
+
+if (addr >= MCHP_PFSOC_MMUART_REG_SIZE) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: read: addr=0x%" HWADDR_PRIx "\n",
+  __func__, addr);
+return 0;
+}
+
+return s->reg[addr / sizeof(uint32_t)];
+}
+
+static void mchp_pfsoc_mmuart_write(void *opaque, hwaddr addr,
+uint64_t value, unsigned size)
+{
+MchpPfSoCMMUartState *s = opaque;
+uint32_t val32 = (uint32_t)value;
+
+if (addr >= MCHP_PFSOC_MMUART_REG_SIZE) {
+

[PATCH v3 13/16] hw/riscv: microchip_pfsoc: Connect 2 Cadence GEMs

[Bin Meng]

From: Bin Meng 

Microchip PolarFire SoC integrates 2 Candence GEMs to provide
IEEE 802.3 standard-compliant 10/100/1000 Mbps ethernet interface.

On the Icicle Kit board, GEM0 connects to a PHY at address 8 while
GEM1 connects to a PHY at address 9.

The 2nd stage bootloader (U-Boot) is using GEM1 by default, so we
must specify 2 '-nic' options from the command line in order to get
a working ethernet.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 include/hw/riscv/microchip_pfsoc.h |  7 +++
 hw/riscv/microchip_pfsoc.c | 39 ++
 2 files changed, 46 insertions(+)

diff --git a/include/hw/riscv/microchip_pfsoc.h 
b/include/hw/riscv/microchip_pfsoc.h
index 63e7860..6d20853 100644
--- a/include/hw/riscv/microchip_pfsoc.h
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -24,6 +24,7 @@
 
 #include "hw/char/mchp_pfsoc_mmuart.h"
 #include "hw/dma/sifive_pdma.h"
+#include "hw/net/cadence_gem.h"
 #include "hw/sd/cadence_sdhci.h"
 
 typedef struct MicrochipPFSoCState {
@@ -42,6 +43,8 @@ typedef struct MicrochipPFSoCState {
 MchpPfSoCMMUartState *serial3;
 MchpPfSoCMMUartState *serial4;
 SiFivePDMAState dma;
+CadenceGEMState gem0;
+CadenceGEMState gem1;
 CadenceSDHCIState sdhci;
 } MicrochipPFSoCState;
 
@@ -84,6 +87,8 @@ enum {
 MICROCHIP_PFSOC_MMUART2,
 MICROCHIP_PFSOC_MMUART3,
 MICROCHIP_PFSOC_MMUART4,
+MICROCHIP_PFSOC_GEM0,
+MICROCHIP_PFSOC_GEM1,
 MICROCHIP_PFSOC_ENVM_CFG,
 MICROCHIP_PFSOC_ENVM_DATA,
 MICROCHIP_PFSOC_IOSCB_CFG,
@@ -99,6 +104,8 @@ enum {
 MICROCHIP_PFSOC_DMA_IRQ5 = 10,
 MICROCHIP_PFSOC_DMA_IRQ6 = 11,
 MICROCHIP_PFSOC_DMA_IRQ7 = 12,
+MICROCHIP_PFSOC_GEM0_IRQ = 64,
+MICROCHIP_PFSOC_GEM1_IRQ = 70,
 MICROCHIP_PFSOC_EMMC_SD_IRQ = 88,
 MICROCHIP_PFSOC_MMUART0_IRQ = 90,
 MICROCHIP_PFSOC_MMUART1_IRQ = 91,
diff --git a/hw/riscv/microchip_pfsoc.c b/hw/riscv/microchip_pfsoc.c
index d8ec973..7f25609 100644
--- a/hw/riscv/microchip_pfsoc.c
+++ b/hw/riscv/microchip_pfsoc.c
@@ -14,6 +14,7 @@
  * 3) MMUARTs (Multi-Mode UART)
  * 4) Cadence eMMC/SDHC controller and an SD card connected to it
  * 5) SiFive Platform DMA (Direct Memory Access Controller)
+ * 6) GEM (Gigabit Ethernet MAC Controller)
  *
  * This board currently generates devicetree dynamically that indicates at 
least
  * two harts and up to five harts.
@@ -59,6 +60,9 @@
 #define BIOS_FILENAME   "hss.bin"
 #define RESET_VECTOR0x2022
 
+/* GEM version */
+#define GEM_REVISION0x0107010c
+
 static const struct MemmapEntry {
 hwaddr base;
 hwaddr size;
@@ -83,6 +87,8 @@ static const struct MemmapEntry {
 [MICROCHIP_PFSOC_MMUART2] = { 0x20102000, 0x1000 },
 [MICROCHIP_PFSOC_MMUART3] = { 0x20104000, 0x1000 },
 [MICROCHIP_PFSOC_MMUART4] = { 0x20106000, 0x1000 },
+[MICROCHIP_PFSOC_GEM0] ={ 0x2011, 0x2000 },
+[MICROCHIP_PFSOC_GEM1] ={ 0x20112000, 0x2000 },
 [MICROCHIP_PFSOC_ENVM_CFG] ={ 0x2020, 0x1000 },
 [MICROCHIP_PFSOC_ENVM_DATA] =   { 0x2022,0x2 },
 [MICROCHIP_PFSOC_IOSCB_CFG] =   { 0x3708, 0x1000 },
@@ -119,6 +125,9 @@ static void microchip_pfsoc_soc_instance_init(Object *obj)
 object_initialize_child(obj, "dma-controller", >dma,
 TYPE_SIFIVE_PDMA);
 
+object_initialize_child(obj, "gem0", >gem0, TYPE_CADENCE_GEM);
+object_initialize_child(obj, "gem1", >gem1, TYPE_CADENCE_GEM);
+
 object_initialize_child(obj, "sd-controller", >sdhci,
 TYPE_CADENCE_SDHCI);
 }
@@ -134,6 +143,7 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 MemoryRegion *envm_data = g_new(MemoryRegion, 1);
 char *plic_hart_config;
 size_t plic_hart_config_len;
+NICInfo *nd;
 int i;
 
 sysbus_realize(SYS_BUS_DEVICE(>e_cpus), _abort);
@@ -272,6 +282,35 @@ static void microchip_pfsoc_soc_realize(DeviceState *dev, 
Error **errp)
 qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_MMUART4_IRQ),
 serial_hd(4));
 
+/* GEMs */
+
+nd = _table[0];
+if (nd->used) {
+qemu_check_nic_model(nd, TYPE_CADENCE_GEM);
+qdev_set_nic_properties(DEVICE(>gem0), nd);
+}
+nd = _table[1];
+if (nd->used) {
+qemu_check_nic_model(nd, TYPE_CADENCE_GEM);
+qdev_set_nic_properties(DEVICE(>gem1), nd);
+}
+
+object_property_set_int(OBJECT(>gem0), "revision", GEM_REVISION, errp);
+object_property_set_int(OBJECT(>gem0), "phy-addr", 8, errp);
+sysbus_realize(SYS_BUS_DEVICE(>gem0), errp);
+sysbus_mmio_map(SYS_BUS_DEVICE(>gem0), 0,
+memmap[MICROCHIP_PFSOC_GEM0].base);
+sysbus_connect_irq(SYS_BUS_DEVICE(>gem0), 0,
+qdev_get_gpio_in(DEVICE(s->plic), MICROCHIP_PFSOC_GEM0_IRQ));
+
+object_property_set_int(OBJECT(>gem1), "revision", GEM_REVISION, errp);
+

[PATCH v3 02/16] hw/riscv: hart: Add a new 'resetvec' property

[Bin Meng]

From: Bin Meng 

RISC-V machines do not instantiate RISC-V CPUs directly, instead
they do that via the hart array. Add a new property for the reset
vector address to allow the value to be passed to the CPU, before
CPU is realized.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 include/hw/riscv/riscv_hart.h | 1 +
 hw/riscv/riscv_hart.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/include/hw/riscv/riscv_hart.h b/include/hw/riscv/riscv_hart.h
index c75856f..77aa4bc 100644
--- a/include/hw/riscv/riscv_hart.h
+++ b/include/hw/riscv/riscv_hart.h
@@ -37,6 +37,7 @@ typedef struct RISCVHartArrayState {
 uint32_t num_harts;
 uint32_t hartid_base;
 char *cpu_type;
+uint64_t resetvec;
 RISCVCPU *harts;
 } RISCVHartArrayState;
 
diff --git a/hw/riscv/riscv_hart.c b/hw/riscv/riscv_hart.c
index f59fe52..613ea2a 100644
--- a/hw/riscv/riscv_hart.c
+++ b/hw/riscv/riscv_hart.c
@@ -31,6 +31,8 @@ static Property riscv_harts_props[] = {
 DEFINE_PROP_UINT32("num-harts", RISCVHartArrayState, num_harts, 1),
 DEFINE_PROP_UINT32("hartid-base", RISCVHartArrayState, hartid_base, 0),
 DEFINE_PROP_STRING("cpu-type", RISCVHartArrayState, cpu_type),
+DEFINE_PROP_UINT64("resetvec", RISCVHartArrayState, resetvec,
+   DEFAULT_RSTVEC),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -44,6 +46,7 @@ static bool riscv_hart_realize(RISCVHartArrayState *s, int 
idx,
char *cpu_type, Error **errp)
 {
 object_initialize_child(OBJECT(s), "harts[*]", >harts[idx], cpu_type);
+qdev_prop_set_uint64(DEVICE(>harts[idx]), "resetvec", s->resetvec);
 s->harts[idx].env.mhartid = s->hartid_base + idx;
 qemu_register_reset(riscv_harts_cpu_reset, >harts[idx]);
 return qdev_realize(DEVICE(>harts[idx]), NULL, errp);
-- 
2.7.4

[PATCH v3 04/16] hw/riscv: Initial support for Microchip PolarFire SoC Icicle Kit board

[Bin Meng]

From: Bin Meng 

This is an initial support for Microchip PolarFire SoC Icicle Kit.
The Icicle Kit board integrates a PolarFire SoC, with one SiFive's
E51 plus four U54 cores and many on-chip peripherals and an FPGA.

For more details about Microchip PolarFire Soc, please see:
https://www.microsemi.com/product-directory/soc-fpgas/5498-polarfire-soc-fpga

Unlike SiFive FU540, the RISC-V core resect vector is at 0x2022.
The following perepherals are created as an unimplemented device:

- Bus Error Uint 0/1/2/3/4
- L2 cache controller
- SYSREG
- MPUCFG
- IOSCBCFG

More devices will be added later.

The BIOS image used by this machine is hss.bin, aka Hart Software
Services, which can be built from:
https://github.com/polarfire-soc/hart-software-services

To launch this machine:
$ qemu-system-riscv64 -nographic -M microchip-icicle-kit

The memory is set to 1 GiB by default to match the hardware.
A sanity check on ram size is performed in the machine init routine
to prompt user to increase the RAM size to > 1 GiB when less than
1 GiB ram is detected.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 default-configs/riscv64-softmmu.mak |   1 +
 include/hw/riscv/microchip_pfsoc.h  |  88 ++
 hw/riscv/microchip_pfsoc.c  | 312 
 MAINTAINERS |   7 +
 hw/riscv/Kconfig|   6 +
 hw/riscv/meson.build|   1 +
 6 files changed, 415 insertions(+)
 create mode 100644 include/hw/riscv/microchip_pfsoc.h
 create mode 100644 hw/riscv/microchip_pfsoc.c

diff --git a/default-configs/riscv64-softmmu.mak 
b/default-configs/riscv64-softmmu.mak
index aaf6d73..76b6195 100644
--- a/default-configs/riscv64-softmmu.mak
+++ b/default-configs/riscv64-softmmu.mak
@@ -10,3 +10,4 @@ CONFIG_SPIKE=y
 CONFIG_SIFIVE_E=y
 CONFIG_SIFIVE_U=y
 CONFIG_RISCV_VIRT=y
+CONFIG_MICROCHIP_PFSOC=y
diff --git a/include/hw/riscv/microchip_pfsoc.h 
b/include/hw/riscv/microchip_pfsoc.h
new file mode 100644
index 000..1953ef1
--- /dev/null
+++ b/include/hw/riscv/microchip_pfsoc.h
@@ -0,0 +1,88 @@
+/*
+ * Microchip PolarFire SoC machine interface
+ *
+ * Copyright (c) 2020 Wind River Systems, Inc.
+ *
+ * Author:
+ *   Bin Meng 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#ifndef HW_MICROCHIP_PFSOC_H
+#define HW_MICROCHIP_PFSOC_H
+
+typedef struct MicrochipPFSoCState {
+/*< private >*/
+DeviceState parent_obj;
+
+/*< public >*/
+CPUClusterState e_cluster;
+CPUClusterState u_cluster;
+RISCVHartArrayState e_cpus;
+RISCVHartArrayState u_cpus;
+DeviceState *plic;
+} MicrochipPFSoCState;
+
+#define TYPE_MICROCHIP_PFSOC"microchip.pfsoc"
+#define MICROCHIP_PFSOC(obj) \
+OBJECT_CHECK(MicrochipPFSoCState, (obj), TYPE_MICROCHIP_PFSOC)
+
+typedef struct MicrochipIcicleKitState {
+/*< private >*/
+MachineState parent_obj;
+
+/*< public >*/
+MicrochipPFSoCState soc;
+} MicrochipIcicleKitState;
+
+#define TYPE_MICROCHIP_ICICLE_KIT_MACHINE \
+MACHINE_TYPE_NAME("microchip-icicle-kit")
+#define MICROCHIP_ICICLE_KIT_MACHINE(obj) \
+OBJECT_CHECK(MicrochipIcicleKitState, (obj), \
+ TYPE_MICROCHIP_ICICLE_KIT_MACHINE)
+
+enum {
+MICROCHIP_PFSOC_DEBUG,
+MICROCHIP_PFSOC_E51_DTIM,
+MICROCHIP_PFSOC_BUSERR_UNIT0,
+MICROCHIP_PFSOC_BUSERR_UNIT1,
+MICROCHIP_PFSOC_BUSERR_UNIT2,
+MICROCHIP_PFSOC_BUSERR_UNIT3,
+MICROCHIP_PFSOC_BUSERR_UNIT4,
+MICROCHIP_PFSOC_CLINT,
+MICROCHIP_PFSOC_L2CC,
+MICROCHIP_PFSOC_L2LIM,
+MICROCHIP_PFSOC_PLIC,
+MICROCHIP_PFSOC_SYSREG,
+MICROCHIP_PFSOC_MPUCFG,
+MICROCHIP_PFSOC_ENVM_CFG,
+MICROCHIP_PFSOC_ENVM_DATA,
+MICROCHIP_PFSOC_IOSCB_CFG,
+MICROCHIP_PFSOC_DRAM,
+};
+
+#define MICROCHIP_PFSOC_MANAGEMENT_CPU_COUNT1
+#define MICROCHIP_PFSOC_COMPUTE_CPU_COUNT   4
+
+#define MICROCHIP_PFSOC_PLIC_HART_CONFIG"MS"
+#define MICROCHIP_PFSOC_PLIC_NUM_SOURCES185
+#define MICROCHIP_PFSOC_PLIC_NUM_PRIORITIES 7
+#define MICROCHIP_PFSOC_PLIC_PRIORITY_BASE  0x04
+#define MICROCHIP_PFSOC_PLIC_PENDING_BASE   0x1000
+#define MICROCHIP_PFSOC_PLIC_ENABLE_BASE0x2000
+#define MICROCHIP_PFSOC_PLIC_ENABLE_STRIDE  0x80
+#define MICROCHIP_PFSOC_PLIC_CONTEXT_BASE   0x20
+#define MICROCHIP_PFSOC_PLIC_CONTEXT_STRIDE 0x1000
+
+#endif /* HW_MICROCHIP_PFSOC_H */
diff --git 

[PATCH v3 11/16] hw/net: cadence_gem: Add a new 'phy-addr' property

[Bin Meng]

From: Bin Meng 

At present the PHY address of the PHY connected to GEM is hard-coded
to either 23 (BOARD_PHY_ADDRESS) or 0. This might not be the case for
all boards. Add a new 'phy-addr' property so that board can specify
the PHY address for each GEM instance.

Signed-off-by: Bin Meng 

---

(no changes since v2)

Changes in v2:
- change "phy-addr" default value to BOARD_PHY_ADDRESS

 include/hw/net/cadence_gem.h | 2 ++
 hw/net/cadence_gem.c | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/hw/net/cadence_gem.h b/include/hw/net/cadence_gem.h
index 54e646f..01c6189 100644
--- a/include/hw/net/cadence_gem.h
+++ b/include/hw/net/cadence_gem.h
@@ -73,6 +73,8 @@ typedef struct CadenceGEMState {
 /* Mask of register bits which are write 1 to clear */
 uint32_t regs_w1c[CADENCE_GEM_MAXREG];
 
+/* PHY address */
+uint8_t phy_addr;
 /* PHY registers backing store */
 uint16_t phy_regs[32];
 
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index a93b5c0..d80096b 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -1446,7 +1446,7 @@ static uint64_t gem_read(void *opaque, hwaddr offset, 
unsigned size)
 uint32_t phy_addr, reg_num;
 
 phy_addr = (retval & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
-if (phy_addr == BOARD_PHY_ADDRESS || phy_addr == 0) {
+if (phy_addr == s->phy_addr || phy_addr == 0) {
 reg_num = (retval & GEM_PHYMNTNC_REG) >> 
GEM_PHYMNTNC_REG_SHIFT;
 retval &= 0x;
 retval |= gem_phy_read(s, reg_num);
@@ -1569,7 +1569,7 @@ static void gem_write(void *opaque, hwaddr offset, 
uint64_t val,
 uint32_t phy_addr, reg_num;
 
 phy_addr = (val & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT;
-if (phy_addr == BOARD_PHY_ADDRESS || phy_addr == 0) {
+if (phy_addr == s->phy_addr || phy_addr == 0) {
 reg_num = (val & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT;
 gem_phy_write(s, reg_num, val);
 }
@@ -1682,6 +1682,7 @@ static Property gem_properties[] = {
 DEFINE_NIC_PROPERTIES(CadenceGEMState, conf),
 DEFINE_PROP_UINT32("revision", CadenceGEMState, revision,
GEM_MODID_VALUE),
+DEFINE_PROP_UINT8("phy-addr", CadenceGEMState, phy_addr, 
BOARD_PHY_ADDRESS),
 DEFINE_PROP_UINT8("num-priority-queues", CadenceGEMState,
   num_priority_queues, 1),
 DEFINE_PROP_UINT8("num-type1-screeners", CadenceGEMState,
-- 
2.7.4

[PATCH v3 01/16] target/riscv: cpu: Add a new 'resetvec' property

[Bin Meng]

From: Bin Meng 

Currently the reset vector address is hard-coded in a RISC-V CPU's
instance_init() routine. In a real world we can have 2 exact same
CPUs except for the reset vector address, which is pretty common in
the RISC-V core IP licensing business.

Normally reset vector address is a configurable parameter. Let's
create a 64-bit property to store the reset vector address which
covers both 32-bit and 64-bit CPUs.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
---

(no changes since v1)

 target/riscv/cpu.h | 1 +
 target/riscv/cpu.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 383808b..dc350f0 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -291,6 +291,7 @@ typedef struct RISCVCPU {
 uint16_t elen;
 bool mmu;
 bool pmp;
+uint64_t resetvec;
 } cfg;
 } RISCVCPU;
 
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 228b9bd..8067a26 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -518,6 +518,7 @@ static Property riscv_cpu_properties[] = {
 DEFINE_PROP_UINT16("elen", RISCVCPU, cfg.elen, 64),
 DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
 DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
+DEFINE_PROP_UINT64("resetvec", RISCVCPU, cfg.resetvec, DEFAULT_RSTVEC),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
2.7.4

[PATCH v3 00/16] hw/riscv: Add Microchip PolarFire SoC Icicle Kit board support

[Bin Meng]

From: Bin Meng 

This adds support for Microchip PolarFire SoC Icicle Kit board.
The Icicle Kit board integrates a PolarFire SoC, with one SiFive's
E51 plus four U54 cores and many on-chip peripherals and an FPGA.

For more details about Microchip PolarFire SoC, please see:
https://www.microsemi.com/product-directory/soc-fpgas/5498-polarfire-soc-fpga

The Icicle Kit board information can be found here:
https://www.microsemi.com/existing-parts/parts/152514

Unlike SiFive FU540, the RISC-V core resect vector is at 0x2022.
The RISC-V CPU and HART codes has been updated to set the core's
reset vector based on a configurable property from machine codes.

The following perepherals are created as an unimplemented device:

- Bus Error Uint 0/1/2/3/4
- L2 cache controller
- SYSREG
- MPUCFG
- IOSCBCFG
- GPIO

The following perepherals are emulated:
- SiFive CLINT
- SiFive PLIC
- PolarFire SoC Multi-Mode UART
- SiFive PDMA
- Cadence eMMC/SDHCI controller
- Cadence Gigabit Ethernet MAC

The BIOS image used by this machine is hss.bin, aka Hart Software
Services, which can be built from:
https://github.com/polarfire-soc/hart-software-services

To launch this machine:
$ qemu-system-riscv64 -M microchip-icicle-kit -smp 5 \
-bios path/to/hss.bin -sd path/to/sdcard.img \
-nic tap,ifname=tap,script=no,model=cadence_gem \
-display none -serial stdio \
-chardev socket,id=serial1,path=serial1.sock,server,wait \
-serial chardev:serial1

The memory is set to 1 GiB by default to match the hardware.
A sanity check on ram size is performed in the machine init routine
to prompt user to increase the RAM size to > 1 GiB when less than
1 GiB ram is detected.

HSS output is on the first serial port (stdio) and U-Boot/Linux
outputs on the 2nd serial port. OpenSBI outputs on a random serial
port due to the lottery mechanism used during the multi-core boot.

Please check the QEMU WiKi page for the target specific information:
https://wiki.qemu.org/Documentation/Platforms/RISCV#Microchip_PolarFire_SoC_Icicle_Kit

Changes in v3:
- rebase on qemu/master
- change MCHP_PFSOC_DMA to SIFIVE_PDMA
- use the correct (Object *) to set the 'phy-addr' in xlnx-zynqmp.c

Changes in v2:
- change to update hw/char/meson.build
- add impl.min_access_size and impl.max_access_size as part of
  MemoryRegionOps and remove the allignment check
- change to update hw/sd/meson.build
- change the name to "generic-sdhci" when calling object_initialize_child()
- add a container MR to simplify out-of-bounds access checks
- do not initialize TYPE_SYSBUS_SDHCI in the SoC instance_init(),
  instead move that to the cadence_sdhci model
- do not access generic-sdhci's state directly,
  instead move that to the cadence_sdhci model
- change to update hw/dma/meson.build
- rename the file names to sifive_pdma.[c|h]
- update irq number to 8 per the SiFive FU540 manual
- fix the register offset for channel 1/2/3 in the read/write ops
- connect 8 IRQs to the PLIC
- change "phy-addr" default value to BOARD_PHY_ADDRESS

Bin Meng (16):
  target/riscv: cpu: Add a new 'resetvec' property
  hw/riscv: hart: Add a new 'resetvec' property
  target/riscv: cpu: Set reset vector based on the configured property
value
  hw/riscv: Initial support for Microchip PolarFire SoC Icicle Kit board
  hw/char: Add Microchip PolarFire SoC MMUART emulation
  hw/riscv: microchip_pfsoc: Connect 5 MMUARTs
  hw/sd: Add Cadence SDHCI emulation
  hw/riscv: microchip_pfsoc: Connect a Cadence SDHCI controller and an
SD card
  hw/dma: Add SiFive platform DMA controller emulation
  hw/riscv: microchip_pfsoc: Connect a DMA controller
  hw/net: cadence_gem: Add a new 'phy-addr' property
  hw/arm: xlnx: Set all boards' GEM 'phy-addr' property value to 23
  hw/riscv: microchip_pfsoc: Connect 2 Cadence GEMs
  hw/riscv: microchip_pfsoc: Hook GPIO controllers
  hw/riscv: clint: Avoid using hard-coded timebase frequency
  hw/riscv: sifive_u: Connect a DMA controller

 default-configs/riscv64-softmmu.mak |   1 +
 include/hw/char/mchp_pfsoc_mmuart.h |  61 +
 include/hw/dma/sifive_pdma.h|  57 +
 include/hw/net/cadence_gem.h|   2 +
 include/hw/riscv/microchip_pfsoc.h  | 133 +++
 include/hw/riscv/riscv_hart.h   |   1 +
 include/hw/riscv/sifive_clint.h |   4 +-
 include/hw/riscv/sifive_u.h |  11 +
 include/hw/sd/cadence_sdhci.h   |  47 
 target/riscv/cpu.h  |   7 +-
 hw/arm/xilinx_zynq.c|   1 +
 hw/arm/xlnx-versal.c|   1 +
 hw/arm/xlnx-zynqmp.c|   2 +
 hw/char/mchp_pfsoc_mmuart.c |  86 +++
 hw/dma/sifive_pdma.c| 313 ++
 hw/net/cadence_gem.c|   7 +-
 hw/riscv/microchip_pfsoc.c  | 437 
 hw/riscv/opentitan.c|   1 +
 hw/riscv/riscv_hart.c   |   3 +
 hw/riscv/sifive_clint.c |  26 ++-
 hw/riscv/sifive_e.c |   4 +-
 

Re: [PATCH v7 0/8] Generalize start-powered-off property from ARM

[Thiago Jung Bauermann]

David Gibson  writes:

> On Wed, Aug 26, 2020 at 02:55:27AM -0300, Thiago Jung Bauermann wrote:
>> This version fixes `make check` failures in ppc/e500.c, mips/cps.c and
>> sparc/sun4m.c. This was done by moving the qdev_realize_and_unref() call as
>> close as possible to the object_new() call, in order to keep the CPU object
>> construction as similar as possible to the earlier version which used
>> cpu_create().
>> 
>> I also had to change the patch which removed the main_cpu_reset() function
>> from sparc/sun4m.c. It was causing a `make check` failure but I can't
>> really explain why. See this message for a few more details:
>> 
>> https://lists.nongnu.org/archive/html/qemu-ppc/2020-08/msg00419.html
>> 
>> I dropped the Reviewed-by's on the changed patches because of these
>> changes.
>> 
>> Original cover letter below, followed by changelog:
>> 
>> The ARM code has a start-powered-off property in ARMCPU, which is a
>> subclass of CPUState. This property causes arm_cpu_reset() to set
>> CPUState::halted to 1, signalling that the CPU should start in a halted
>> state. Other architectures also have code which aim to achieve the same
>> effect, but without using a property.
>> 
>> The ppc/spapr version has a bug where QEMU does a KVM_RUN on the vcpu
>> before cs->halted is set to 1, causing the vcpu to run while it's still in
>> an unitialized state (more details in patch 3).
>> 
>> Peter Maydell mentioned the ARM start-powered-off property and
>> Eduardo Habkost suggested making it generic, so this patch series does
>> that, for all cases which I was able to find via grep in the code.
>> 
>> The only problem is that I was only able to test these changes on a ppc64le
>> pseries KVM guest, so except for patches 2 and 3, all others are only
>> build-tested. Also, my grasp of QOM lifecycle is basically non-existant so
>> please be aware of that when reviewing this series.
>> 
>> The last patch may be wrong, as pointed out by Eduardo, so I marked it as
>> RFC. It may make sense to drop it.
>
> Applied to ppc-for-5.2, thanks.

Thank you!

-- 
Thiago Jung Bauermann
IBM Linux Technology Center

Re: [PULL 00/76] target/microblaze improvements

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200831160601.833692-1-richard.hender...@linaro.org/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

Host machine cpu: x86_64
Target machine cpu family: x86
Target machine cpu: x86_64
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or 
forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
C++ compiler for the host machine: x86_64-w64-mingw32-g++ (gcc 9.2.1 
"x86_64-w64-mingw32-g++ (GCC) 9.2.1 20190827 (Fedora MinGW 9.2.1-6.fc32)")
---
 Linux keyring: NO

Found ninjatool-1.8 at /tmp/qemu-test/build/ninjatool
WARNING: custom_target 'shared QAPI source files' has more than one output! 
Using the first one.
WARNING: custom_target 'QGA QAPI files' has more than one output! Using the 
first one.
WARNING: custom_target 'QAPI files for qemu-storage-daemon' has more than one 
output! Using the first one.
WARNING: custom_target 'QAPI doc' has more than one output! Using the first one.
WARNING: custom_target 'tools man pages' has more than one output! Using the 
first one.
WARNING: custom_target 'system man pages' has more than one output! Using the 
first one.
Command line for building ['libcommon.fa'] is long, using a response file
/usr/bin/python3 -B /tmp/qemu-test/src/meson/meson.py introspect --tests | 
/usr/bin/python3 -B scripts/mtest2make.py > Makefile.mtest
./ninjatool -t ninja2make --omit clean dist uninstall < build.ninja > 
Makefile.ninja
---
Host machine cpu: i386
Target machine cpu family: x86
Target machine cpu: i386
../src/meson.build:10: WARNING: Module unstable-keyval has no backwards or 
forwards compatibility and might not exist in future releases.
Program sh found: YES
Program python3 found: YES (/usr/bin/python3)
C++ compiler for the host machine: i686-w64-mingw32-g++ (gcc 9.2.1 
"i686-w64-mingw32-g++ (GCC) 9.2.1 20190827 (Fedora MinGW 9.2.1-6.fc32)")
---
 Linux keyring: NO

Found ninjatool-1.8 at /tmp/qemu-test/build/ninjatool
WARNING: custom_target 'shared QAPI source files' has more than one output! 
Using the first one.
WARNING: custom_target 'QGA QAPI files' has more than one output! Using the 
first one.
WARNING: custom_target 'QAPI files for qemu-storage-daemon' has more than one 
output! Using the first one.
WARNING: custom_target 'QAPI doc' has more than one output! Using the first one.
WARNING: custom_target 'tools man pages' has more than one output! Using the 
first one.
WARNING: custom_target 'system man pages' has more than one output! Using the 
first one.
Command line for building ['libcommon.fa'] is long, using a response file
/usr/bin/python3 -B /tmp/qemu-test/src/meson/meson.py introspect --tests | 
/usr/bin/python3 -B scripts/mtest2make.py > Makefile.mtest
./ninjatool -t ninja2make --omit clean dist uninstall < build.ninja > 
Makefile.ninja
---
 from /tmp/qemu-test/src/include/exec/exec-all.h:26,
 from ../src/target/i386/machine.c:3:
/tmp/qemu-test/src/include/tcg/tcg.h: In function 'tcg_get_insn_start_param':
/tmp/qemu-test/src/include/tcg/tcg.h:796:49: error: left shift count >= width 
of type [-Werror=shift-count-overflow]
  796 |(tcg_get_insn_param(op, arg * 2 + 1) << 32);
  | ^~
cc1: all warnings being treated as errors
make: *** [Makefile.ninja:1533: 
libqemu-x86_64-softmmu.fa.p/target_i386_machine.c.obj] Error 1
make: *** Waiting for unfinished jobs
In file included from ../src/hw/i386/kvmvapic.c:24:
/tmp/qemu-test/src/include/tcg/tcg.h: In function 'tcg_get_insn_start_param':
/tmp/qemu-test/src/include/tcg/tcg.h:796:49: error: left shift count >= width 
of type [-Werror=shift-count-overflow]
  796 |(tcg_get_insn_param(op, arg * 2 + 1) << 32);
  | ^~
cc1: all warnings being treated as errors
make: *** [Makefile.ninja:1546: 
libqemu-x86_64-softmmu.fa.p/hw_i386_kvmvapic.c.obj] Error 1
In file included from /tmp/qemu-test/src/include/exec/cpu_ldst.h:295,
 from ../src/target/i386/mpx_helper.c:23:
/tmp/qemu-test/src/include/tcg/tcg.h: In function 'tcg_get_insn_start_param':
/tmp/qemu-test/src/include/tcg/tcg.h:796:49: error: left shift count >= width 
of type [-Werror=shift-count-overflow]
  796 |(tcg_get_insn_param(op, arg * 2 + 1) << 32);
  | ^~
cc1: all warnings being treated as errors
make: *** [Makefile.ninja:1554: 
libqemu-x86_64-softmmu.fa.p/target_i386_mpx_helper.c.obj] Error 1
In file included from /tmp/qemu-test/src/include/exec/cpu_ldst.h:295,
 

Re: [PULL 00/76] target/microblaze improvements

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20200831160601.833692-1-richard.hender...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20200831160601.833692-1-richard.hender...@linaro.org
Subject: [PULL 00/76] target/microblaze improvements

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   4bc08c6..2f4c51c  master -> master
 - [tag update]  patchew/20200826171005.4055015-1-ehabk...@redhat.com -> 
patchew/20200826171005.4055015-1-ehabk...@redhat.com
 - [tag update]  patchew/20200827113259.25064-1-peter.mayd...@linaro.org -> 
patchew/20200827113259.25064-1-peter.mayd...@linaro.org
 - [tag update]  patchew/20200827124335.30586-1-l...@nuviainc.com -> 
patchew/20200827124335.30586-1-l...@nuviainc.com
 - [tag update]  patchew/20200827173051.31050-1...@weilnetz.de -> 
patchew/20200827173051.31050-1...@weilnetz.de
 - [tag update]  patchew/20200827175520.32355-1...@weilnetz.de -> 
patchew/20200827175520.32355-1...@weilnetz.de
 - [tag update]  patchew/20200827210920.111611-1...@weilnetz.de -> 
patchew/20200827210920.111611-1...@weilnetz.de
 - [tag update]  
patchew/20200828141929.77854-1-richard.hender...@linaro.org -> 
patchew/20200828141929.77854-1-richard.hender...@linaro.org
 - [tag update]  
patchew/20200828180243.443016-1-richard.hender...@linaro.org -> 
patchew/20200828180243.443016-1-richard.hender...@linaro.org
 * [new tag] patchew/20200831235146.36045-1-da...@gibson.dropbear.id.au 
-> patchew/20200831235146.36045-1-da...@gibson.dropbear.id.au
Switched to a new branch 'test'
0d7dedb target/microblaze: Reduce linux-user address space to 32-bit
5f8c3e2 target/microblaze: Add flags markup to some helpers
466a318 target/microblaze: Remove cpu_R[0]
b1fb8b5 target/microblaze: Remove last of old decoder
0dfefb5 target/microblaze: Convert dec_stream to decodetree
c8b363c target/microblaze: Convert dec_msr to decodetree
7694f94 target/microblaze: Convert msrclr, msrset to decodetree
7dd5ab7 target/microblaze: Tidy do_rti, do_rtb, do_rte
539026b target/microblaze: Convert dec_rts to decodetree
4a40a45 target/microblaze: Convert dec_bcc to decodetree
eac8dd6 target/microblaze: Convert dec_br to decodetree
224c085 target/microblaze: Reorganize branching
f419c16 target/microblaze: Convert mbar to decodetree
c8837be target/microblaze: Convert brk and brki to decodetree
3a87b51 target/microblaze: Tidy mb_cpu_dump_state
1424196 target/microblaze: Replace delayed_branch with tb_flags_to_set
0ae7328 target/microblaze: Replace clear_imm with tb_flags_to_set
0954fbf target/microblaze: Use cc->do_unaligned_access
3c786be tcg: Add tcg_get_insn_start_param
15f0392 target/microblaze: Store "current" iflags in insn_start
dd4c8f4 target/microblaze: Fix no-op mb_cpu_transaction_failed
dd0128a target/microblaze: Move bimm to BIMM_FLAG
640419e target/microblaze: Assert no overlap in flags making up tb_flags
c53dbea target/microblaze: Convert dec_load and dec_store to decodetree
c725fe0 target/microblaze: Fix cpu unwind for stackprot
dbd989d target/microblaze: Cache mem_index in DisasContext
d927735 target/microblaze: Replace MSR_EE_FLAG with MSR_EE
d284d29 target/microblaze: Mark fpu helpers TCG_CALL_NO_WG
7e91cb3 target/microblaze: Fix cpu unwind for fpu exceptions
0a82365 target/microblaze: Convert dec_fpu to decodetree
fdc326c target/microblaze: Convert dec_imm to decodetree
46ffb06 target/microblaze: Convert dec_barrel to decodetree
fc30359 target/microblaze: Convert dec_bit to decodetree
9e7444e target/microblaze: Unwind properly when raising divide-by-zero
38ac916 target/microblaze: Convert dec_div to decodetree
a05d432 target/microblaze: Convert dec_mul to decodetree
15fe607 target/microblaze: Convert dec_and, dec_or, dec_xor to decodetree
6320c68 target/microblaze: Convert dec_pattern to decodetree
9551f17 target/microblaze: Implement cmp and cmpu inline
873ee28 target/microblaze: Convert dec_sub to decodetree
165699d target/microblaze: Convert dec_add to decodetree
ff24f67 target/microblaze: Add decodetree infrastructure
212839a target/microblaze: Ensure imm constant is always available
c6fc5d4 target/microblaze: Remove LOG_DIS
6b9d549 target/microblaze: Remove empty D macros
634c628 target/microblaze: Remove DISAS_GNU
f6e12e6 target/microblaze: Remove SIM_COMPAT
fd60a2a target/microblaze: Convert to translator_loop
137c956 target/microblaze: Convert to DisasContextBase
e9d715a target/microblaze: Check singlestep_enabled in gen_goto_tb
c2aa981 target/microblaze: Use DISAS_NORETURN
24e5371 target/microblaze: Split out MSR[C] to its own variable
089d389 target/microblaze: Tidy mb_tcg_init

[PATCH v2 1/3] adb: Correct class size on TYPE_ADB_DEVICE

[David Gibson]

The TypeInfo incorrectly just lets the class size be inherited.  It won't
actually break things, since the class is abstract, but we should get it
right.

Signed-off-by: David Gibson 
---
 hw/input/adb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/input/adb.c b/hw/input/adb.c
index 013fcc9c54..84331b9fce 100644
--- a/hw/input/adb.c
+++ b/hw/input/adb.c
@@ -309,6 +309,7 @@ static void adb_device_class_init(ObjectClass *oc, void 
*data)
 static const TypeInfo adb_device_type_info = {
 .name = TYPE_ADB_DEVICE,
 .parent = TYPE_DEVICE,
+.class_size = sizeof(ADBDeviceClass),
 .instance_size = sizeof(ADBDevice),
 .abstract = true,
 .class_init = adb_device_class_init,
-- 
2.26.2

[PATCH v2 2/3] ppc/pnv: Fix TypeInfo of PnvLpcController abstract class

[David Gibson]

From: Cédric Le Goater 

It was missing the instance_size field.

Cc: Eduardo Habkost 
Signed-off-by: Cédric Le Goater 
Message-Id: <20200822083920.2668930-1-...@kaod.org>
Signed-off-by: David Gibson 
---
 hw/ppc/pnv_lpc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/ppc/pnv_lpc.c b/hw/ppc/pnv_lpc.c
index b5ffa48dac..23f1e09492 100644
--- a/hw/ppc/pnv_lpc.c
+++ b/hw/ppc/pnv_lpc.c
@@ -646,7 +646,6 @@ static void pnv_lpc_power8_class_init(ObjectClass *klass, 
void *data)
 static const TypeInfo pnv_lpc_power8_info = {
 .name  = TYPE_PNV8_LPC,
 .parent= TYPE_PNV_LPC,
-.instance_size = sizeof(PnvLpcController),
 .class_init= pnv_lpc_power8_class_init,
 .interfaces = (InterfaceInfo[]) {
 { TYPE_PNV_XSCOM_INTERFACE },
@@ -687,7 +686,6 @@ static void pnv_lpc_power9_class_init(ObjectClass *klass, 
void *data)
 static const TypeInfo pnv_lpc_power9_info = {
 .name  = TYPE_PNV9_LPC,
 .parent= TYPE_PNV_LPC,
-.instance_size = sizeof(PnvLpcController),
 .class_init= pnv_lpc_power9_class_init,
 };
 
@@ -768,6 +766,7 @@ static void pnv_lpc_class_init(ObjectClass *klass, void 
*data)
 static const TypeInfo pnv_lpc_info = {
 .name  = TYPE_PNV_LPC,
 .parent= TYPE_DEVICE,
+.instance_size = sizeof(PnvLpcController),
 .class_init= pnv_lpc_class_init,
 .class_size= sizeof(PnvLpcClass),
 .abstract  = true,
-- 
2.26.2

Re: [PATCH 3/3] spapr: Correct type for SPAPR_DRC_PCI

[David Gibson]

On Wed, Aug 26, 2020 at 12:21:37PM -0400, Eduardo Habkost wrote:
> On Tue, Aug 25, 2020 at 09:16:27PM +1000, David Gibson wrote:
> > TYPE_SPAPR_DRC_PCI inherits from TYPE_SPAPR_DRC_PHYSICAL, so its checker
> > macro should use the corresponding instance type.  We got away with it
> > because we never actually used that checker macro.
> > 
> > Signed-off-by: David Gibson 
> > ---
> >  include/hw/ppc/spapr_drc.h | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
> > index 21af8deac1..baaaba3c1f 100644
> > --- a/include/hw/ppc/spapr_drc.h
> > +++ b/include/hw/ppc/spapr_drc.h
> > @@ -59,7 +59,7 @@
> >  OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_PCI)
> >  #define SPAPR_DRC_PCI_CLASS(klass) \
> >  OBJECT_CLASS_CHECK(SpaprDrcClass, klass, TYPE_SPAPR_DRC_PCI)
> > -#define SPAPR_DRC_PCI(obj) OBJECT_CHECK(SpaprDrc, (obj), \
> > +#define SPAPR_DRC_PCI(obj) OBJECT_CHECK(SpaprDrcPhysical, (obj), \
> >  TYPE_SPAPR_DRC_PCI)
> 
> I'm not sure this is really what we want to do.  This is what
> triggered the warning in my script, but it doesn't mean we want
> to use SpaprDrcPhysical here.
> 
> Code that needs a SpaprDrc* can use SPAPR_DR_CONNECTOR();
> code that needs a SpaprDrcPhysical* can use SPAPR_DRC_PHYSICAL().
> All the other OBJECT_CHECK(SpaprDrc, ...) and
> OBJECT_CHECK(SpaprDrcPhysical, ...) macros seem unnecessary.

Good point.  I've rewritten and am resending.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH v2 3/3] spapr: Remove unnecessary DRC type-checker macros

[David Gibson]

spapr_drc.h includes typechecker macro boilerplate for the many different
DRC subclasses.  However, most of these types don't actually have different
data in their class and/or instance, making these unneeded, unused, and in
fact a bad idea.  Remove them.

Signed-off-by: David Gibson 
---
 include/hw/ppc/spapr_drc.h | 43 +-
 1 file changed, 1 insertion(+), 42 deletions(-)

diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
index 21af8deac1..f270860769 100644
--- a/include/hw/ppc/spapr_drc.h
+++ b/include/hw/ppc/spapr_drc.h
@@ -29,62 +29,21 @@
  TYPE_SPAPR_DR_CONNECTOR)
 
 #define TYPE_SPAPR_DRC_PHYSICAL "spapr-drc-physical"
-#define SPAPR_DRC_PHYSICAL_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_PHYSICAL)
-#define SPAPR_DRC_PHYSICAL_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, \
-   TYPE_SPAPR_DRC_PHYSICAL)
 #define SPAPR_DRC_PHYSICAL(obj) OBJECT_CHECK(SpaprDrcPhysical, (obj), \
  TYPE_SPAPR_DRC_PHYSICAL)
 
 #define TYPE_SPAPR_DRC_LOGICAL "spapr-drc-logical"
-#define SPAPR_DRC_LOGICAL_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_LOGICAL)
-#define SPAPR_DRC_LOGICAL_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, \
-   TYPE_SPAPR_DRC_LOGICAL)
-#define SPAPR_DRC_LOGICAL(obj) OBJECT_CHECK(SpaprDrc, (obj), \
- TYPE_SPAPR_DRC_LOGICAL)
 
 #define TYPE_SPAPR_DRC_CPU "spapr-drc-cpu"
-#define SPAPR_DRC_CPU_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_CPU)
-#define SPAPR_DRC_CPU_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, TYPE_SPAPR_DRC_CPU)
-#define SPAPR_DRC_CPU(obj) OBJECT_CHECK(SpaprDrc, (obj), \
-TYPE_SPAPR_DRC_CPU)
 
 #define TYPE_SPAPR_DRC_PCI "spapr-drc-pci"
-#define SPAPR_DRC_PCI_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_PCI)
-#define SPAPR_DRC_PCI_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, TYPE_SPAPR_DRC_PCI)
-#define SPAPR_DRC_PCI(obj) OBJECT_CHECK(SpaprDrc, (obj), \
-TYPE_SPAPR_DRC_PCI)
 
 #define TYPE_SPAPR_DRC_LMB "spapr-drc-lmb"
-#define SPAPR_DRC_LMB_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_LMB)
-#define SPAPR_DRC_LMB_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, TYPE_SPAPR_DRC_LMB)
-#define SPAPR_DRC_LMB(obj) OBJECT_CHECK(SpaprDrc, (obj), \
-TYPE_SPAPR_DRC_LMB)
 
 #define TYPE_SPAPR_DRC_PHB "spapr-drc-phb"
-#define SPAPR_DRC_PHB_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_PHB)
-#define SPAPR_DRC_PHB_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, TYPE_SPAPR_DRC_PHB)
-#define SPAPR_DRC_PHB(obj) OBJECT_CHECK(SpaprDrc, (obj), \
-TYPE_SPAPR_DRC_PHB)
 
 #define TYPE_SPAPR_DRC_PMEM "spapr-drc-pmem"
-#define SPAPR_DRC_PMEM_GET_CLASS(obj) \
-OBJECT_GET_CLASS(SpaprDrcClass, obj, TYPE_SPAPR_DRC_PMEM)
-#define SPAPR_DRC_PMEM_CLASS(klass) \
-OBJECT_CLASS_CHECK(SpaprDrcClass, klass, TYPE_SPAPR_DRC_PMEM)
-#define SPAPR_DRC_PMEM(obj) OBJECT_CHECK(SpaprDrc, (obj), \
- TYPE_SPAPR_DRC_PMEM)
+
 /*
  * Various hotplug types managed by SpaprDrc
  *
-- 
2.26.2

[PATCH v2 0/3] ppc: Fixes for class and instance size problems

[David Gibson]

As requested, some fixes for the ppc things found by Eduardo's
scripts.

Changes since v1:
 * Rewrote 3/3 to make a more sensible fix

Cédric Le Goater (1):
  ppc/pnv: Fix TypeInfo of PnvLpcController abstract class

David Gibson (2):
  adb: Correct class size on TYPE_ADB_DEVICE
  spapr: Remove unnecessary DRC type-checker macros

 hw/input/adb.c |  1 +
 hw/ppc/pnv_lpc.c   |  3 +--
 include/hw/ppc/spapr_drc.h | 43 +-
 3 files changed, 3 insertions(+), 44 deletions(-)

-- 
2.26.2

RE: [RFC PATCH v3 00/34] Hexagon patch series

[Taylor Simpson]

> -Original Message-
> From: Richard Henderson 
> Sent: Monday, August 31, 2020 2:44 PM
> To: Taylor Simpson ; qemu-devel@nongnu.org
> Cc: phi...@redhat.com; laur...@vivier.eu; riku.voi...@iki.fi;
> aleksandar.m.m...@gmail.com; a...@rev.ng
> Subject: Re: [RFC PATCH v3 00/34] Hexagon patch series
>
> On 8/31/20 10:57 AM, Taylor Simpson wrote:
> > OK, here's the list of items.  Let me know if I missed anything.  I'll
> > indicate which ones can be done quickly and which ones would take more
> time.
> > I added a column for blocker if you or anyone else has input on that.
> >
> > PatchItemEffortBlocker
> > Use qemu softfloat??Yes
>
> Hmm, this table didn't render.  Below, yes/no for blocker column.

Sorry about that - not sure what happened.

I will work all those you marked "yes" or "no, but should be easy".

> > 25Expand DECL/READ/WRITE/FREE macros into generated codesmall
>
> Yes.
>
> In the end I think some of these will in the end want to be helper functions.
> As I was thinking how to best write A2_add, I was thinking

See my response to the thread on patch 30/34.

Since you mention A2_paddit, here's what it would look like assuming it is 
overridden.

static void generate_A2_paddt(CPUHexagonState *env, DisasContext *ctx, insn_t 
*insn, packet_t *pkt)
{
/* A2_paddit */
int PuN = insn->regno[0];
TCGv PuV = hex_pred[PuN];
Int RdN = insn->regno[1];
TCGv RdV = tcg_temp_local_new();
if (!is_preloaded(ctx, RdN)) {
tcg_gen_mov_tl(hex_new_value[RdN], hex_gpr[RdN]);
}
int RsN = insn->regno[2];
TCGv RsV = hex_gpr[RsN];
int siV = insn->immed[0];

fGEN_TCG_A2_paddit({if(fLSBOLD(PuV)){fIMMEXT(siV); RdV=RsV+siV;} else 
{CANCEL;}});

gen_log_reg_write(RdN, RdV, insn->slot, 1);   /* Only does the write if we 
haven't cancelled */
ctx_log_reg_write(ctx, RdN);

tcg_temp_free(RdV);
/* A2_paddit */
}

Here's what the override looks like (there are a bunch of these, so we have a 
helper macro which could also be a function)
/* Predicated add instructions */
#define GEN_TCG_padd(PRED, ADD) \
do { \
TCGv LSB = tcg_temp_new(); \
TCGv mask = tcg_temp_new(); \
TCGv zero = tcg_const_tl(0); \
PRED; \
ADD; \
tcg_gen_movi_tl(mask, 1 << insn->slot); \
tcg_gen_or_tl(mask, hex_slot_cancelled, mask); \
tcg_gen_movcond_tl(TCG_COND_NE, hex_slot_cancelled, LSB, zero, \
   hex_slot_cancelled, mask); \
tcg_temp_free(LSB); \
tcg_temp_free(mask); \
tcg_temp_free(zero); \
} while (0)

#define fGEN_TCG_A2_paddit(SHORTCODE) \
GEN_TCG_padd(fLSBOLD(PuV), tcg_gen_addi_tl(RdV, RsV, siV))

Re: [PATCH v2 2/7] target/arm: add ARMCPUClass->do_interrupt_locked

[Philippe Mathieu-Daudé]

Le mar. 1 sept. 2020 00:02, Richard Henderson 
a écrit :

> On 8/31/20 2:18 PM, Richard Henderson wrote:
> > On 8/19/20 11:28 AM, Robert Foley wrote:
> >> Adding ->do_interrupt_locked to ARMCPUClass is preparation for
> >> pushing the BQL down into the per-arch implementation of ->do_interrupt.
> >>
> >> This is needed since ARM's *_cpu_exec_interrupt calls to *_do_interrupt.
> >> With the push down of the BQL into *_cpu_exec_interrupt and
> >> *_do_interrupt, *_cpu_exec_interrupt will call to ->do_interrupt
> >> with lock held.  Since ->do_interrupt also has the lock, we need a way
> >> to allow cpu_exec_interrupt to call do_interrupt with lock held.
> >> This patch solves this issue of *_cpu_exec_interrupt needing
> >> to call do_interrupt with lock held.
> >>
> >> This patch is part of a series of transitions to move the
> >> BQL down into the do_interrupt per arch functions.  This set of
> >> transitions is needed to maintain bisectability.
> >>
> >> This approach was suggested by Paolo Bonzini.
> >> For reference, here are two key posts in the discussion, explaining
> >> the reasoning/benefits of this approach.
> >> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00784.html
> >> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg01517.html
> >> https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg08731.html
> >> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00044.html
> >>
> >> Signed-off-by: Robert Foley 
> >> ---
> >>  target/arm/cpu-qom.h | 3 +++
> >>  target/arm/cpu.c | 5 +++--
> >>  target/arm/cpu_tcg.c | 5 +++--
> >>  3 files changed, 9 insertions(+), 4 deletions(-)
> >
> > Reviewed-by: Richard Henderson 
>
> I take it back.  These two cc->do_interrupt calls can be replaced with
> direct
> calls.
>
> > #ifndef CONFIG_USER_ONLY
> > cc->do_interrupt = arm_v7m_cpu_do_interrupt;
> > #endif
> >
> > cc->cpu_exec_interrupt = arm_v7m_cpu_exec_interrupt;
>
> If we are in arm_v7m_cpu_exec_interrupt we will always call
> arm_v7m_cpu_do_interrupt.
>
> I think the mismatch of #ifdef, which implies a different destination is
> possible, is a bug -- cc->do_interrupt is not otherwise assigned and in
> fact
> would be NULL.
>
> I suspect that some of these slots themselves should be ifdefed, so that we
> cannot assign to them when they are unused.  That would help keep the
> ifdefs in
> the cpu init functions in sync.
>

I tried to do this once but this breaks sizeof(CPUState) archived in
libqemu.a vs linking softmmu / user.
IIRC Peter explained why we can't do that. I'll search the post tomorrow.


> This same condition is *not* true for cris -- there is no
> crisv10_cpu_exec_interrupt -- so you do need the new do_interrupt_locked
> field
> there.
>
>
> r~
>
>

RE: [PATCH] WHPX: vmware cpuid leaf for tsc and apic frequency

[Sunil Muthuswamy]

Can I please get some eyes on this?

> -Original Message-
> From: Sunil Muthuswamy
> Sent: Thursday, July 30, 2020 3:11 PM
> To: Paolo Bonzini ; Richard Henderson 
> ; Eduardo Habkost 
> Cc: qemu-devel@nongnu.org; Stefan Weil 
> Subject: [PATCH] WHPX: vmware cpuid leaf for tsc and apic frequency
> 
> Newer versions of WHPX provide the capability to query the tsc
> and apic frequency. Expose these through the vmware cpuid leaf.
> This patch doesnt support setting the tsc frequency; that will
> come as a separate fix.
> 
> Signed-off-by: Sunil Muthuswamy 
> ---
>  target/i386/whp-dispatch.h |  3 +-
>  target/i386/whpx-all.c | 94 ++
>  2 files changed, 86 insertions(+), 11 deletions(-)
> 
> diff --git a/target/i386/whp-dispatch.h b/target/i386/whp-dispatch.h
> index e4695c349f..b18aba20ed 100644
> --- a/target/i386/whp-dispatch.h
> +++ b/target/i386/whp-dispatch.h
> @@ -2,10 +2,11 @@
>  #define WHP_DISPATCH_H
> 
>  #include 
> -
>  #include 
>  #include 
> 
> +#define WHV_E_UNKNOWN_CAPABILITY 0x80370300L
> +
>  #define LIST_WINHVPLATFORM_FUNCTIONS(X) \
>X(HRESULT, WHvGetCapability, (WHV_CAPABILITY_CODE CapabilityCode, VOID* 
> CapabilityBuffer, UINT32
> CapabilityBufferSizeInBytes, UINT32* WrittenSizeInBytes)) \
>X(HRESULT, WHvCreatePartition, (WHV_PARTITION_HANDLE* Partition)) \
> diff --git a/target/i386/whpx-all.c b/target/i386/whpx-all.c
> index c78baac6df..da4c135925 100644
> --- a/target/i386/whpx-all.c
> +++ b/target/i386/whpx-all.c
> @@ -27,6 +27,8 @@
>  #include 
>  #include 
> 
> +#define HYPERV_APIC_BUS_FREQUENCY  (2ULL)
> +
>  struct whpx_state {
>  uint64_t mem_quota;
>  WHV_PARTITION_HANDLE partition;
> @@ -1061,6 +1063,18 @@ static int whpx_vcpu_run(CPUState *cpu)
>  cpu_x86_cpuid(env, cpuid_fn, 0, (UINT32 *), (UINT32 *),
>  (UINT32 *), (UINT32 *));
>  switch (cpuid_fn) {
> +case 0x4000:
> +/* Expose the vmware cpu frequency cpuid leaf */
> +rax = 0x4010;
> +rbx = rcx = rdx = 0;
> +break;
> +
> +case 0x4010:
> +rax = env->tsc_khz;
> +rbx = env->apic_bus_freq / 1000; /* Hz to KHz */
> +rcx = rdx = 0;
> +break;
> +
>  case 0x8001:
>  /* Remove any support of OSVW */
>  rcx &= ~CPUID_EXT3_OSVW;
> @@ -1193,6 +1207,10 @@ int whpx_init_vcpu(CPUState *cpu)
>  struct whpx_state *whpx = _global;
>  struct whpx_vcpu *vcpu;
>  Error *local_error = NULL;
> +struct CPUX86State *env = (CPUArchState *)(cpu->env_ptr);
> +X86CPU *x86_cpu = X86_CPU(cpu);
> +UINT64 freq = 0;
> +int ret;
> 
>  /* Add migration blockers for all unsupported features of the
>   * Windows Hypervisor Platform
> @@ -1207,7 +1225,8 @@ int whpx_init_vcpu(CPUState *cpu)
>  error_report_err(local_error);
>  migrate_del_blocker(whpx_migration_blocker);
>  error_free(whpx_migration_blocker);
> -return -EINVAL;
> +ret = -EINVAL;
> +goto error;
>  }
>  }
> 
> @@ -1215,7 +1234,8 @@ int whpx_init_vcpu(CPUState *cpu)
> 
>  if (!vcpu) {
>  error_report("WHPX: Failed to allocte VCPU context.");
> -return -ENOMEM;
> +ret = -ENOMEM;
> +goto error;
>  }
> 
>  hr = whp_dispatch.WHvEmulatorCreateEmulator(
> @@ -1224,8 +1244,8 @@ int whpx_init_vcpu(CPUState *cpu)
>  if (FAILED(hr)) {
>  error_report("WHPX: Failed to setup instruction completion support,"
>   " hr=%08lx", hr);
> -g_free(vcpu);
> -return -EINVAL;
> +ret = -EINVAL;
> +goto error;
>  }
> 
>  hr = whp_dispatch.WHvCreateVirtualProcessor(
> @@ -1234,17 +1254,72 @@ int whpx_init_vcpu(CPUState *cpu)
>  error_report("WHPX: Failed to create a virtual processor,"
>   " hr=%08lx", hr);
>  whp_dispatch.WHvEmulatorDestroyEmulator(vcpu->emulator);
> -g_free(vcpu);
> -return -EINVAL;
> +ret = -EINVAL;
> +goto error;
>  }
> 
> -vcpu->interruptable = true;
> +/*
> + * vcpu's TSC frequency is either specified by user, or use the value
> + * provided by Hyper-V if the former is not present. In the latter case, 
> we
> + * query it from Hyper-V and record in env->tsc_khz, so that vcpu's TSC
> + * frequency can be migrated later via this field.
> + */
> +if (!env->tsc_khz) {
> +hr = whp_dispatch.WHvGetCapability(
> +WHvCapabilityCodeProcessorClockFrequency, , sizeof(freq),
> +NULL);
> +if (hr != WHV_E_UNKNOWN_CAPABILITY) {
> +if (FAILED(hr)) {
> +printf("WHPX: Failed to query tsc frequency, hr=0x%08lx\n", 
> hr);
> +} else {
> +env->tsc_khz = freq / 1000; 

Re: [PATCH 1/1] tcg: Adjust simd_desc size encoding

[Philippe Mathieu-Daudé]

Le mar. 1 sept. 2020 00:31, Richard Henderson 
a écrit :

> With larger vector sizes, it turns out oprsz == maxsz, and we only
> need to represent mismatch for oprsz <= 32.  We do, however, need
> to represent larger oprsz and do so without reducing SIMD_DATA_BITS.
>
> Reduce the size of the oprsz field and increase the maxsz field.
> Steal the oprsz value of 24 to indicate equality with maxsz.
>
> Signed-off-by: Richard Henderson 
> ---
>  include/tcg/tcg-gvec-desc.h | 38 -
>  tcg/tcg-op-gvec.c   | 35 ++
>  2 files changed, 52 insertions(+), 21 deletions(-)
>
> diff --git a/include/tcg/tcg-gvec-desc.h b/include/tcg/tcg-gvec-desc.h
> index 0224ac3e78..704bd86454 100644
> --- a/include/tcg/tcg-gvec-desc.h
> +++ b/include/tcg/tcg-gvec-desc.h
> @@ -20,29 +20,41 @@
>  #ifndef TCG_TCG_GVEC_DESC_H
>  #define TCG_TCG_GVEC_DESC_H
>
> -/* ??? These bit widths are set for ARM SVE, maxing out at 256 byte
> vectors. */
> -#define SIMD_OPRSZ_SHIFT   0
> -#define SIMD_OPRSZ_BITS5
> +/*
> + * This configuration allows MAXSZ to represent 2048 bytes, and
> + * OPRSZ to match MAXSZ, or represent the smaller values 8, 16, or 32.
> + *
> + * Encode this with:
> + *   0, 1, 3 -> 8, 16, 32
> + *   2   -> maxsz
> + *
> + * This steals the input that would otherwise map to 24 to match maxsz.
>

Nice trick :)

+ */
> +#define SIMD_MAXSZ_SHIFT   0
> +#define SIMD_MAXSZ_BITS8
>
> -#define SIMD_MAXSZ_SHIFT   (SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
> -#define SIMD_MAXSZ_BITS5
> +#define SIMD_OPRSZ_SHIFT   (SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
> +#define SIMD_OPRSZ_BITS2
>
> -#define SIMD_DATA_SHIFT(SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
> +#define SIMD_DATA_SHIFT(SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
>  #define SIMD_DATA_BITS (32 - SIMD_DATA_SHIFT)
>
>  /* Create a descriptor from components.  */
>  uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data);
>
> -/* Extract the operation size from a descriptor.  */
> -static inline intptr_t simd_oprsz(uint32_t desc)
> -{
> -return (extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS) + 1) * 8;
> -}
> -
>  /* Extract the max vector size from a descriptor.  */
>  static inline intptr_t simd_maxsz(uint32_t desc)
>  {
> -return (extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) + 1) * 8;
> +return extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) * 8 + 8;
> +}
> +
> +/* Extract the operation size from a descriptor.  */
> +static inline intptr_t simd_oprsz(uint32_t desc)
> +{
> +uint32_t f = extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS);
> +intptr_t o = f * 8 + 8;
> +intptr_t m = simd_maxsz(desc);
> +return f == 2 ? m : o;
>  }
>
>  /* Extract the operation-specific data from a descriptor.  */
> diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
> index 7ebd9e8298..ddbe06b71a 100644
> --- a/tcg/tcg-op-gvec.c
> +++ b/tcg/tcg-op-gvec.c
> @@ -37,11 +37,21 @@ static const TCGOpcode vecop_list_empty[1] = { 0 };
> of the operand offsets so that we can check them all at once.  */
>  static void check_size_align(uint32_t oprsz, uint32_t maxsz, uint32_t ofs)
>  {
> -uint32_t opr_align = oprsz >= 16 ? 15 : 7;
> -uint32_t max_align = maxsz >= 16 || oprsz >= 16 ? 15 : 7;
> -tcg_debug_assert(oprsz > 0);
> -tcg_debug_assert(oprsz <= maxsz);
> -tcg_debug_assert((oprsz & opr_align) == 0);
> +uint32_t max_align;
> +
> +switch (oprsz) {
> +case 8:
> +case 16:
> +case 32:
> +tcg_debug_assert(oprsz <= maxsz);
> +break;
> +default:
> +tcg_debug_assert(oprsz == maxsz);
> +break;
> +}
> +tcg_debug_assert(maxsz <= (8 << SIMD_MAXSZ_BITS));
> +
> +max_align = maxsz >= 16 ? 15 : 7;
>  tcg_debug_assert((maxsz & max_align) == 0);
>  tcg_debug_assert((ofs & max_align) == 0);
>  }
> @@ -77,12 +87,21 @@ uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz,
> int32_t data)
>  {
>  uint32_t desc = 0;
>
> -assert(oprsz % 8 == 0 && oprsz <= (8 << SIMD_OPRSZ_BITS));
> -assert(maxsz % 8 == 0 && maxsz <= (8 << SIMD_MAXSZ_BITS));
> -assert(data == sextract32(data, 0, SIMD_DATA_BITS));
> +check_size_align(oprsz, maxsz, 0);
> +tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));
>
>  oprsz = (oprsz / 8) - 1;
>  maxsz = (maxsz / 8) - 1;
> +
> +/*
> + * We have just asserted in check_size_align that either
> + * oprsz is {8,16,32} or matches maxsz.  Encode the final
> + * case with '2', as that would otherwise map to 24.
> + */
> +if (oprsz == maxsz) {
> +oprsz = 2;
> +}
>

Reviewed-by: Philippe Mathieu-Daudé 

+
>  desc = deposit32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS, oprsz);
>  desc = deposit32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS, maxsz);
>  desc = deposit32(desc, SIMD_DATA_SHIFT, SIMD_DATA_BITS, data);
> --
> 2.25.1
>
>
>

RE: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for instructions with multiple definitions

[Taylor Simpson]

> -Original Message-
> From: Richard Henderson 
> Sent: Monday, August 31, 2020 1:20 PM
> To: Taylor Simpson ; qemu-devel@nongnu.org
> Cc: phi...@redhat.com; laur...@vivier.eu; riku.voi...@iki.fi;
> aleksandar.m.m...@gmail.com; a...@rev.ng
> Subject: Re: [RFC PATCH v3 30/34] Hexagon (target/hexagon) TCG for
> instructions with multiple definitions
>
> The fGEN_TCG_A2_add macro does not require nor use that {...} argument.

The fGEN_TCG_A2_add macro does need that argument, but there are cases that do 
need it.  Here's an example from gen_tcg.h
#define fGEN_TCG_L2_loadrub_pr(SHORTCODE)  SHORTCODE
This is explained in the README, but basically the argument is useful if we can 
properly define the macros that it contains to generate TCG.


> What it *does* need are the same arguments as are given to generate_.  I
> assume you are using those arguments implicitly in your current
> fGEN_TCG_
> instances?

Yes

>
> It would be cleanest to only have the generate_* functions.
>
> Either they are written by hand (replacing the current fGEN_TCG_*), or they
> are
> generated.  In either case, there's just the one level of indirection from
> opcode_genptr[].
>
> I'd imagine
>
> --- genptr.c
>
> #define DEF_TCG_FUNC(TAG) \
> static void generate_##TAG(CPUHexagonState *env, \
> DisasContext *ctx, insn_t *insn, packet_t *pkt)
>
> /*
>  * All IIDs with an explicit implementation,
>  * overriding the auto-generated helper functions.
>  */
>
> DEF_TCG_FUNC(A2_add)
> {
> /* { RdV=RsV+RtV;} */
> tcg_gen_add_tl(args...);
> }

There's additional generated code before and after the tcg_gen_add_tl.  IMO, we 
don't want the person who writes an override having to reproduce the generated 
code.  Assuming we have a definition of fGEN_TCG_A2_add and we have the 
generator intelligently expanding the macros, this is what will be generated.

static void generate_A2_add(CPUHexagonState *env, DisasContext *ctx, insn_t 
*insn, packet_t *pkt)
{
/* A2_add */
int RdN =insn->regno[0];
TCGv RdV = tcg_temp_local_new();
int RsN = insn->regno[1];
TCGv RsV = hex_gpr[RsN];
int RtN = insn->regno[2];
TCGv RtV = hex_gpr[RtN];

fGEN_TCG_A2_add({ RdV=RsV+RtV;});

gen_log_reg_write(RdN, RdV, insn->slot, 0);
ctx_log_reg_write(ctx, RdN);

tcg_temp_free(RdV);
/* A2_add */
}

If there weren't an override, we'd get this

static void generate_A2_add(CPUHexagonState *env, DisasContext *ctx, insn_t 
*insn, packet_t *pkt)
{
/* A2_add */
int RdN =insn->regno[0];
TCGv RdV = tcg_temp_local_new();
int RsN = insn->regno[1];
TCGv RsV = hex_gpr[RsN];
int RtN = insn->regno[2];
TCGv RtV = hex_gpr[RtN];

gen_helper_A2_add(RdV, cpu_env, RsV, RtV);/* Only 
difference is this line */

gen_log_reg_write(RdN, RdV, insn->slot, 0);
ctx_log_reg_write(ctx, RdN);

tcg_temp_free(RdV);
/* A2_add */
}

The fGEN_TCG_ macro can also mention the operands of the instruction (RdV, 
RsV, RtV in this example).

Unlike the generate_ functions that all have the same signature.  The 
overrides would have different signatures.  This would be more defensive 
programming because you know exactly where the variables come from but more 
verbose when writing the overrides by hand.  Also, note that these need to be 
macros in order to take advantage of the SHORTCODE.

In other words, instead of
#define fGEN_TCG_A2_add(SHORTCODE)tcg_gen_add_tl(RdV, RsV, RtV)

We would write
#define fGEN_TCG_A2_add(env, ctx, insn, pkt, RdV, RsV, RtV, SHORTCODE)
tcg_gen_add_tl(RdV, RsV, RtV);

Personally, I prefer the former, but will change to the latter if you feel 
strongly.

I'm not married to the fGEN_TCG_ name.  DEF_TCG_ would also be fine.

>
> /*
>  * Generate calls to the auto-generate helpers,
>  * and slot everything into the opcode_genptr table.
>  */
> #include "genptr_generated.c.inc"
>
> --- genptr_generated.c.inc
>
> DEF_TCG_FUNC(A4_tlbmatch)
> {
>gen_helper_A4_tlbmatch(args...);
> }
>
> // etc
>
> const SemanticInsn opcode_genptr[] = {
> // All IID's, generated or not.
> };
>
> ---
>
> This leaves genptr.c as the file to grep for '^DEF_TCG_FUNC'.
>
>
> r~

QEMU | Pipeline #184069766 has failed for master | 2f4c51c0

[GitLab via]

Your pipeline has failed.

Project: QEMU ( https://gitlab.com/qemu-project/qemu )
Branch: master ( https://gitlab.com/qemu-project/qemu/-/commits/master )

Commit: 2f4c51c0 ( 
https://gitlab.com/qemu-project/qemu/-/commit/2f4c51c0f384d7888a04b4815861e6d5fd244d75
 )
Commit Message: Merge remote-tracking branch 'remotes/kraxel/ta...
Commit Author: Peter Maydell ( https://gitlab.com/pm215 )

Pipeline #184069766 ( 
https://gitlab.com/qemu-project/qemu/-/pipelines/184069766 ) triggered by Alex 
Bennée ( https://gitlab.com/stsquad )
had 1 failed build.

Job #712520194 ( https://gitlab.com/qemu-project/qemu/-/jobs/712520194/raw )

Stage: test
Name: acceptance-system-centos
Trace: 22:26:05 ERROR|   File 
"/builds/qemu-project/qemu/python/qemu/machine.py", line 342, in launch
self._launch()

22:26:05 ERROR|   File "/builds/qemu-project/qemu/python/qemu/machine.py", line 
369, in _launch
self._post_launch()

22:26:05 ERROR|   File "/builds/qemu-project/qemu/python/qemu/machine.py", line 
288, in _post_launch
self._qmp.accept()

22:26:05 ERROR|   File "/builds/qemu-project/qemu/python/qemu/qmp.py", line 
236, in accept
return self.__negotiate_capabilities()

22:26:05 ERROR|   File "/builds/qemu-project/qemu/python/qemu/qmp.py", line 
129, in __negotiate_capabilities
resp = self.cmd('qmp_capabilities')

22:26:05 ERROR|   File "/builds/qemu-project/qemu/python/qemu/qmp.py", line 
266, in cmd
return self.cmd_obj(qmp_cmd)

22:26:05 ERROR|   File "/builds/qemu-project/qemu/python/qemu/qmp.py", line 
249, in cmd_obj
raise QMPConnectError("Unexpected empty reply from server")

22:26:05 ERROR| qemu.qmp.QMPConnectError: Unexpected empty reply from server

22:26:05 ERROR| ERROR 34-tests/acceptance/vnc.py:Vnc.test_change_password -> 
QMPConnectError: Unexpected empty reply from server
22:26:05 INFO | 
$ du -chs ${CI_PROJECT_DIR}/avocado-cache
1.2G/builds/qemu-project/qemu/avocado-cache
1.2Gtotal
section_end:1598912770:after_script
ERROR: Job failed: exit code 1



-- 
You're receiving this email because of your account on gitlab.com.

[PATCH 0/1] tcg: Adjust simd_desc size encoding

[Richard Henderson]

Frank, this is intended to address the vector size limitation
that you encountered with the risc-v rvv patch set, as per

https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg07924.html

although not exactly like that email says.

This will allow vectors up to 2k bytes in length.
Please test, if you can.


r~


Richard Henderson (1):
  tcg: Adjust simd_desc size encoding

 include/tcg/tcg-gvec-desc.h | 38 -
 tcg/tcg-op-gvec.c   | 35 ++
 2 files changed, 52 insertions(+), 21 deletions(-)

-- 
2.25.1

[PATCH 1/1] tcg: Adjust simd_desc size encoding

[Richard Henderson]

With larger vector sizes, it turns out oprsz == maxsz, and we only
need to represent mismatch for oprsz <= 32.  We do, however, need
to represent larger oprsz and do so without reducing SIMD_DATA_BITS.

Reduce the size of the oprsz field and increase the maxsz field.
Steal the oprsz value of 24 to indicate equality with maxsz.

Signed-off-by: Richard Henderson 
---
 include/tcg/tcg-gvec-desc.h | 38 -
 tcg/tcg-op-gvec.c   | 35 ++
 2 files changed, 52 insertions(+), 21 deletions(-)

diff --git a/include/tcg/tcg-gvec-desc.h b/include/tcg/tcg-gvec-desc.h
index 0224ac3e78..704bd86454 100644
--- a/include/tcg/tcg-gvec-desc.h
+++ b/include/tcg/tcg-gvec-desc.h
@@ -20,29 +20,41 @@
 #ifndef TCG_TCG_GVEC_DESC_H
 #define TCG_TCG_GVEC_DESC_H
 
-/* ??? These bit widths are set for ARM SVE, maxing out at 256 byte vectors. */
-#define SIMD_OPRSZ_SHIFT   0
-#define SIMD_OPRSZ_BITS5
+/*
+ * This configuration allows MAXSZ to represent 2048 bytes, and
+ * OPRSZ to match MAXSZ, or represent the smaller values 8, 16, or 32.
+ *
+ * Encode this with:
+ *   0, 1, 3 -> 8, 16, 32
+ *   2   -> maxsz
+ *
+ * This steals the input that would otherwise map to 24 to match maxsz.
+ */
+#define SIMD_MAXSZ_SHIFT   0
+#define SIMD_MAXSZ_BITS8
 
-#define SIMD_MAXSZ_SHIFT   (SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
-#define SIMD_MAXSZ_BITS5
+#define SIMD_OPRSZ_SHIFT   (SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
+#define SIMD_OPRSZ_BITS2
 
-#define SIMD_DATA_SHIFT(SIMD_MAXSZ_SHIFT + SIMD_MAXSZ_BITS)
+#define SIMD_DATA_SHIFT(SIMD_OPRSZ_SHIFT + SIMD_OPRSZ_BITS)
 #define SIMD_DATA_BITS (32 - SIMD_DATA_SHIFT)
 
 /* Create a descriptor from components.  */
 uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t data);
 
-/* Extract the operation size from a descriptor.  */
-static inline intptr_t simd_oprsz(uint32_t desc)
-{
-return (extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS) + 1) * 8;
-}
-
 /* Extract the max vector size from a descriptor.  */
 static inline intptr_t simd_maxsz(uint32_t desc)
 {
-return (extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) + 1) * 8;
+return extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) * 8 + 8;
+}
+
+/* Extract the operation size from a descriptor.  */
+static inline intptr_t simd_oprsz(uint32_t desc)
+{
+uint32_t f = extract32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS);
+intptr_t o = f * 8 + 8;
+intptr_t m = simd_maxsz(desc);
+return f == 2 ? m : o;
 }
 
 /* Extract the operation-specific data from a descriptor.  */
diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
index 7ebd9e8298..ddbe06b71a 100644
--- a/tcg/tcg-op-gvec.c
+++ b/tcg/tcg-op-gvec.c
@@ -37,11 +37,21 @@ static const TCGOpcode vecop_list_empty[1] = { 0 };
of the operand offsets so that we can check them all at once.  */
 static void check_size_align(uint32_t oprsz, uint32_t maxsz, uint32_t ofs)
 {
-uint32_t opr_align = oprsz >= 16 ? 15 : 7;
-uint32_t max_align = maxsz >= 16 || oprsz >= 16 ? 15 : 7;
-tcg_debug_assert(oprsz > 0);
-tcg_debug_assert(oprsz <= maxsz);
-tcg_debug_assert((oprsz & opr_align) == 0);
+uint32_t max_align;
+
+switch (oprsz) {
+case 8:
+case 16:
+case 32:
+tcg_debug_assert(oprsz <= maxsz);
+break;
+default:
+tcg_debug_assert(oprsz == maxsz);
+break;
+}
+tcg_debug_assert(maxsz <= (8 << SIMD_MAXSZ_BITS));
+
+max_align = maxsz >= 16 ? 15 : 7;
 tcg_debug_assert((maxsz & max_align) == 0);
 tcg_debug_assert((ofs & max_align) == 0);
 }
@@ -77,12 +87,21 @@ uint32_t simd_desc(uint32_t oprsz, uint32_t maxsz, int32_t 
data)
 {
 uint32_t desc = 0;
 
-assert(oprsz % 8 == 0 && oprsz <= (8 << SIMD_OPRSZ_BITS));
-assert(maxsz % 8 == 0 && maxsz <= (8 << SIMD_MAXSZ_BITS));
-assert(data == sextract32(data, 0, SIMD_DATA_BITS));
+check_size_align(oprsz, maxsz, 0);
+tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));
 
 oprsz = (oprsz / 8) - 1;
 maxsz = (maxsz / 8) - 1;
+
+/*
+ * We have just asserted in check_size_align that either
+ * oprsz is {8,16,32} or matches maxsz.  Encode the final
+ * case with '2', as that would otherwise map to 24.
+ */
+if (oprsz == maxsz) {
+oprsz = 2;
+}
+
 desc = deposit32(desc, SIMD_OPRSZ_SHIFT, SIMD_OPRSZ_BITS, oprsz);
 desc = deposit32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS, maxsz);
 desc = deposit32(desc, SIMD_DATA_SHIFT, SIMD_DATA_BITS, data);
-- 
2.25.1

Re: [PATCH v2 62/76] target/microblaze: Tidy mb_cpu_dump_state

[Philippe Mathieu-Daudé]

Le mar. 1 sept. 2020 00:16, Richard Henderson 
a écrit :

> On 8/31/20 2:08 PM, Philippe Mathieu-Daudé wrote:
> > Hi Richard,
> >
> > Le ven. 28 août 2020 16:46, Richard Henderson <
> richard.hender...@linaro.org
> > > a écrit :
> >
> > Using lookup_symbol is quite slow; remove that.  Decode the
> >
> >
> > Can we add some runtime option to enable its use instead?
>
> We do the lookup with -d in_asm.
> Do we really need it with -d cpu as well?
>
> The -d cpu can be called many millions of times more than -d in_asm, and
> the
> two are relatively easy to correlate.
>

Ah I missed that. This is fine then!

Thanks,

Phil.


>
> r~
>

Re: [PATCH v2 62/76] target/microblaze: Tidy mb_cpu_dump_state

[Richard Henderson]

On 8/31/20 2:08 PM, Philippe Mathieu-Daudé wrote:
> Hi Richard, 
> 
> Le ven. 28 août 2020 16:46, Richard Henderson  > a écrit :
> 
> Using lookup_symbol is quite slow; remove that.  Decode the
> 
> 
> Can we add some runtime option to enable its use instead?

We do the lookup with -d in_asm.
Do we really need it with -d cpu as well?

The -d cpu can be called many millions of times more than -d in_asm, and the
two are relatively easy to correlate.


r~

Re: [PATCH v2 7/7] target: Push BQL on ->cpu_exec_interrupt down into per-arch implementation

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 499a8bdc5e..c4e54baa6f 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -599,7 +599,6 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
> True when it is, and we should restart on a new TB,
> and via longjmp via cpu_loop_exit.  */
>  else {
> -qemu_mutex_lock_iothread();
>  if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {
>  replay_interrupt();
>  /*
> @@ -614,7 +613,6 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
>  /* The target hook may have updated the 'cpu->interrupt_request';
>   * reload the 'interrupt_request' value */
>  interrupt_request = cpu_interrupt_request(cpu);
> -qemu_mutex_unlock_iothread();
>  }
>  if (interrupt_request & CPU_INTERRUPT_EXITTB) {
>  cpu_reset_interrupt(cpu, CPU_INTERRUPT_EXITTB);

I think you need a change to patch 5, because this patch reduces the scope
further, around cpu_interrupt_request, etc.

I think patch 5 should have

+bool success;
+qemu_mutex_lock_iothread();
+success = cc->cpu_exec_interrupt(cpu, interrupt_request);
+qemu_mutex_unlok_iothread();
+if (success) {
-if (cc->cpu_exec_interrupt(cpu, interrupt_request)) {

That way this patch maintains the scope of the lock.


r~

[REPORT] Nightly Performance Tests - Monday, August 31, 2020

[Ahmed Karaman]

Host CPU : Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Host Memory  : 15.49 GB

Start Time (UTC) : 2020-08-31 21:30:01
End Time (UTC)   : 2020-08-31 22:03:18
Execution Time   : 0:33:17.321826

Status   : SUCCESS

Note:
Changes denoted by '-' are less than 0.01%.


SUMMARY REPORT - COMMIT 2f4c51c0

AVERAGE RESULTS

Target  Instructions  Latest  v5.1.0
--    --  --
aarch642 158 385 359   - +1.695%
alpha  1 914 979 612   - +3.525%
arm8 076 413 634   - +2.305%
hppa   4 261 661 111   - +3.163%
m68k   2 690 309 055   - +7.135%
mips   1 862 059 680   - +2.496%
mipsel 2 008 233 282   - +2.675%
mips64 1 918 655 917   - +2.819%
mips64el   2 051 564 413   - +3.026%
ppc2 480 164 718   - +3.109%
ppc64  2 576 704 659   - +3.142%
ppc64le2 558 877 496   - +3.174%
riscv641 406 728 405   - +2.652%
s390x  3 158 138 330   - +3.119%
sh42 364 470 690   - +3.332%
sparc643 318 827 000   - +3.861%
x86_64 1 775 830 837   - +2.158%


   DETAILED RESULTS

Test Program: dijkstra_double

Target  Instructions  Latest  v5.1.0
--    --  --
aarch643 062 621 750   - +1.425%
alpha  3 191 877 533   - +3.696%
arm   16 357 167 482   - +2.347%
hppa   7 228 376 256   - +3.086%
m68k   4 294 075 581   - +9.693%
mips   3 051 474 700   - +2.429%
mipsel 3 231 542 693   -  +2.87%
mips64 3 245 849 927   - +2.597%
mips64el   3 414 228 231   - +3.022%
ppc4 914 550 541   -  +4.74%
ppc64  5 098 144 074   - +4.565%
ppc64le5 082 430 657   -  +4.58%
riscv642 192 314 810   - +1.956%
s390x  4 584 587 603   - +2.898%
sh43 949 062 260   - +3.465%
sparc644 586 233 287   - +4.238%
x86_64 2 484 139 245   - +1.752%


Test Program: dijkstra_int32

Target  Instructions  Latest  v5.1.0
--    --  --
aarch642 210 231 707   - +1.495%
alpha  1 494 143 338   - +2.151%
arm8 262 936 445   - +2.665%
hppa   5 207 294 158   - +3.046%
m68k   1 725 895 594   - +2.529%
mips   1 495 263 941   - +1.494%
mipsel 1 497 162 301   -  +1.48%
mips64 1 715 451 246   - +1.895%
mips64el   1 695 220 602   -  +1.91%
ppc2 014 590 742   - +1.821%
ppc64  2 206 260 784   - +2.138%
ppc64le2 198 026 833   - +2.147%
riscv641 354 923 960   - +2.397%
s390x  2 916 095 829   - +1.236%
sh41 990 558 292   - +2.671%
sparc642 874 269 435   - +3.831%
x86_64 1 554 029 269   - +2.123%


Test Program: matmult_double

Target  Instructions  Latest  v5.1.0
--    --  --
aarch641 412 288 804   - +0.303%
alpha  3 234 004 360   - +7.474%
arm8 545 194 947   - +1.089%
hppa   3 483 504 965   - +4.466%
m68k   3 919 126 846   -+18.433%
mips   2 344 803 493   - +4.092%
mipsel 3 329 915 487   - +5.178%
mips64 2 359 059 099   - +4.076%

Re: [PATCH] libvhost-user: Add GCC_FMT_ATTR and fix format string

[Raphael Norwitz]

On Thu, Aug 27, 2020 at 5:09 PM Stefan Weil  wrote:
>
> Signed-off-by: Stefan Weil 

Reviewed-by: Raphael Norwitz 

> ---
>  contrib/libvhost-user/libvhost-user.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/contrib/libvhost-user/libvhost-user.c 
> b/contrib/libvhost-user/libvhost-user.c
> index 53f16bdf08..ff7ac876f4 100644
> --- a/contrib/libvhost-user/libvhost-user.c
> +++ b/contrib/libvhost-user/libvhost-user.c
> @@ -151,7 +151,7 @@ vu_request_to_string(unsigned int req)
>  }
>  }
>
> -static void
> +static void GCC_FMT_ATTR(2, 3)
>  vu_panic(VuDev *dev, const char *msg, ...)
>  {
>  char *buf = NULL;
> @@ -643,7 +643,7 @@ generate_faults(VuDev *dev) {
>
>  if (ioctl(dev->postcopy_ufd, UFFDIO_REGISTER, _struct)) {
>  vu_panic(dev, "%s: Failed to userfault region %d "
> -  "@%p + size:%zx offset: %zx: (ufd=%d)%s\n",
> +  "@%016"PRIx64" + size:%zx offset: %zx: 
> (ufd=%d)%s\n",
>   __func__, i,
>   dev_region->mmap_addr,
>   dev_region->size, dev_region->mmap_offset,
> --
> 2.28.0
>
>

Re: [PATCH v2 2/7] target/arm: add ARMCPUClass->do_interrupt_locked

[Richard Henderson]

On 8/31/20 2:18 PM, Richard Henderson wrote:
> On 8/19/20 11:28 AM, Robert Foley wrote:
>> Adding ->do_interrupt_locked to ARMCPUClass is preparation for
>> pushing the BQL down into the per-arch implementation of ->do_interrupt.
>>
>> This is needed since ARM's *_cpu_exec_interrupt calls to *_do_interrupt.
>> With the push down of the BQL into *_cpu_exec_interrupt and
>> *_do_interrupt, *_cpu_exec_interrupt will call to ->do_interrupt
>> with lock held.  Since ->do_interrupt also has the lock, we need a way
>> to allow cpu_exec_interrupt to call do_interrupt with lock held.
>> This patch solves this issue of *_cpu_exec_interrupt needing
>> to call do_interrupt with lock held.
>>
>> This patch is part of a series of transitions to move the
>> BQL down into the do_interrupt per arch functions.  This set of
>> transitions is needed to maintain bisectability.
>>
>> This approach was suggested by Paolo Bonzini.
>> For reference, here are two key posts in the discussion, explaining
>> the reasoning/benefits of this approach.
>> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00784.html
>> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg01517.html
>> https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg08731.html
>> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00044.html
>>
>> Signed-off-by: Robert Foley 
>> ---
>>  target/arm/cpu-qom.h | 3 +++
>>  target/arm/cpu.c | 5 +++--
>>  target/arm/cpu_tcg.c | 5 +++--
>>  3 files changed, 9 insertions(+), 4 deletions(-)
> 
> Reviewed-by: Richard Henderson 

I take it back.  These two cc->do_interrupt calls can be replaced with direct
calls.

> #ifndef CONFIG_USER_ONLY
> cc->do_interrupt = arm_v7m_cpu_do_interrupt;
> #endif
> 
> cc->cpu_exec_interrupt = arm_v7m_cpu_exec_interrupt;

If we are in arm_v7m_cpu_exec_interrupt we will always call
arm_v7m_cpu_do_interrupt.

I think the mismatch of #ifdef, which implies a different destination is
possible, is a bug -- cc->do_interrupt is not otherwise assigned and in fact
would be NULL.

I suspect that some of these slots themselves should be ifdefed, so that we
cannot assign to them when they are unused.  That would help keep the ifdefs in
the cpu init functions in sync.

This same condition is *not* true for cris -- there is no
crisv10_cpu_exec_interrupt -- so you do need the new do_interrupt_locked field
there.


r~

Re: [PATCH v2 6/7] target: rename all *_cpu_exec_interrupt functions to *_cpu_exec_interrupt_locked

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> The rename of all *_cpu_exec_interrupt functions to
> *_cpu_exec_interrupt_locked is preparation for pushing the BQL lock
> around these functions down into the per-arch implementation of
> *_cpu_exec_interrupt.  In a later patch, which pushes down the lock,
> we will add a new *_cpu_exec_interrupt function, which grabs the BQL
> and calls to *_cpu_exec_interrupt_locked.
> 
> This patch is part of a series of transitions to move the
> BQL down into the cpu_exec_interrupt per arch functions.  This set of
> transitions is needed to maintain bisectability.
> 
> The purpose of this set of changes is to set the groundwork
> so that an arch could move towards removing
> the BQL from the cpu_handle_interrupt/exception paths.
> 
> This approach was suggested by Paolo Bonzini.
> For reference, here are key posts in the discussion, explaining
> the reasoning/benefits of this approach.
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00784.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg01517.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg08731.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00044.html
> 
> Signed-off-by: Robert Foley 
> ---

Reviewed-by: Richard Henderson 


r~

Re: [PATCH v2 5/7] accel/tcg: Change BQL critical section in cpu_handle_interrupt

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> @@ -625,7 +624,6 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
>  }
>  
>  /* If we exit via cpu_loop_exit/longjmp it is reset in cpu_exec */
> -qemu_mutex_unlock_iothread();

The comment no longer has an "it" to reference.
We should probably expand that to mention which lock.

Otherwise,
Reviewed-by: Richard Henderson 


r~

Re: [PATCH] gitlab-ci.yml: Run check-qtest and check-unit at the end of the fuzzer job

[Philippe Mathieu-Daudé]

Hi Thomas,

Le lun. 31 août 2020 17:33, Thomas Huth  a écrit :

> The fuzzer job finishes quite early, so we can run the unit tests and
> qtests with -fsanitize=address here without extending the total test time.
>
> Signed-off-by: Thomas Huth 
> ---
>  .gitlab-ci.yml | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 17f1f8fad9..417fda6909 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -256,13 +256,14 @@ build-oss-fuzz:
>  - mkdir build-oss-fuzz
>  - CC="clang" CXX="clang++" CFLAGS="-fsanitize=address"
>./scripts/oss-fuzz/build.sh
> +- export ASAN_OPTIONS="fast_unwind_on_malloc=0"
>  - for fuzzer in $(find ./build-oss-fuzz/DEST_DIR/ -executable -type f
>| grep -v slirp); do
>  grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 ||
> continue ;
>  echo Testing ${fuzzer} ... ;
> -ASAN_OPTIONS="fast_unwind_on_malloc=0"
> - "${fuzzer}" -runs=1000 -seed=1 || exit 1 ;
> +"${fuzzer}" -runs=1000 -seed=1 || exit 1 ;
>done
> +- cd build-oss-fuzz && make check-qtest-i386 check-unit
>

As this does not use the fuzzer main entry point, what is the point of
running that?


>  build-tci:
><<: *native_build_job_definition
> --
> 2.18.2
>
>
>

Re: [PATCH v2 4/7] target: Push BQL on ->do_interrupt down into per-arch implementation

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> avr is another exception.  avr, arm and cris all had a similar
> case where their *_cpu_exec_interrupt was calling to
> the CPUClass ->do_interrupt.  This causes an issue when we push
> the lock down since ->do_interrupt will try to acquire the BQL, but
> the calling context already has it.

Alpha is in this lest as well, correct?

> diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
> index 4c6753df34..be29bdd530 100644
> --- a/target/alpha/cpu.h
> +++ b/target/alpha/cpu.h
> @@ -276,7 +276,7 @@ struct AlphaCPU {
>  extern const VMStateDescription vmstate_alpha_cpu;
>  #endif
>  
> -void alpha_cpu_do_interrupt_locked(CPUState *cpu);
> +void alpha_cpu_do_interrupt(CPUState *cpu);
>  bool alpha_cpu_exec_interrupt(CPUState *cpu, int int_req);
>  void alpha_cpu_dump_state(CPUState *cs, FILE *f, int flags);
>  hwaddr alpha_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
> diff --git a/target/alpha/helper.c b/target/alpha/helper.c
> index ff9a2a7765..e497dd269e 100644
> --- a/target/alpha/helper.c
> +++ b/target/alpha/helper.c
> @@ -295,7 +295,7 @@ bool alpha_cpu_tlb_fill(CPUState *cs, vaddr addr, int 
> size,
>  }
>  #endif /* USER_ONLY */
>  
> -void alpha_cpu_do_interrupt_locked(CPUState *cs)
> +static void alpha_cpu_do_interrupt_locked(CPUState *cs)
>  {
>  AlphaCPU *cpu = ALPHA_CPU(cs);
>  CPUAlphaState *env = >env;
> @@ -407,6 +407,13 @@ void alpha_cpu_do_interrupt_locked(CPUState *cs)
>  #endif /* !USER_ONLY */
>  }
>  
> +void alpha_cpu_do_interrupt(CPUState *cs)
> +{
> +qemu_mutex_lock_iothread();
> +alpha_cpu_do_interrupt_locked(cs);
> +qemu_mutex_unlock_iothread();
> +}
> +
>  bool alpha_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
>  {
>  AlphaCPU *cpu = ALPHA_CPU(cs);

This rename should have been done in patch 1, as with all others.
Moreover, this leaves a bug in alpha_cpu_exec_interrupt in that it should be
calling alpha_cpu_do_interrupt_locked.

That seems to be the only instance of this mistake.


r~

Re: [PATCH v2 32/76] target/microblaze: Remove empty D macros

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:32, Richard Henderson 
a écrit :

> This is never used in op_helper.c and translate.c.  There are
> two trivial uses in helper.c which can be improved by always
> logging MMU_EXCP to CPU_LOG_INT.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  target/microblaze/helper.c| 11 ---
>  target/microblaze/op_helper.c |  2 --
>  target/microblaze/translate.c |  2 --
>  3 files changed, 4 insertions(+), 11 deletions(-)
>
> diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
> index 9a95456401..f8e2ca12a9 100644
> --- a/target/microblaze/helper.c
> +++ b/target/microblaze/helper.c
> @@ -24,8 +24,6 @@
>  #include "qemu/host-utils.h"
>  #include "exec/log.h"
>
> -#define D(x)
> -
>  #if defined(CONFIG_USER_ONLY)
>
>  void mb_cpu_do_interrupt(CPUState *cs)
> @@ -155,10 +153,13 @@ void mb_cpu_do_interrupt(CPUState *cs)
>  case EXCP_MMU:
>  env->regs[17] = env->pc;
>
> +qemu_log_mask(CPU_LOG_INT,
> +  "MMU exception at pc=%x iflags=%x ear=%" PRIx64
> "\n",
> +  env->pc, env->iflags, env->ear);
> +
>  env->esr &= ~(1 << 12);
>  /* Exception breaks branch + dslot sequence?  */
>  if (env->iflags & D_FLAG) {
> -D(qemu_log("D_FLAG set at exception bimm=%d\n",
> env->bimm));
>  env->esr |= 1 << 12 ;
>  env->btr = env->btarget;
>
> @@ -166,14 +167,10 @@ void mb_cpu_do_interrupt(CPUState *cs)
>  env->regs[17] -= 4;
>  /* was the branch immprefixed?.  */
>  if (env->bimm) {
> -qemu_log_mask(CPU_LOG_INT,
> -  "bimm exception at pc=%x iflags=%x\n",
> -  env->pc, env->iflags);
>  env->regs[17] -= 4;
>  log_cpu_state_mask(CPU_LOG_INT, cs, 0);
>  }
>  } else if (env->iflags & IMM_FLAG) {
> -D(qemu_log("IMM_FLAG set at exception\n"));
>  env->regs[17] -= 4;
>  }
>
> diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c
> index d79202c3f8..decdca0fd8 100644
> --- a/target/microblaze/op_helper.c
> +++ b/target/microblaze/op_helper.c
> @@ -26,8 +26,6 @@
>  #include "exec/cpu_ldst.h"
>  #include "fpu/softfloat.h"
>
> -#define D(x)
> -
>  void helper_put(uint32_t id, uint32_t ctrl, uint32_t data)
>  {
>  int test = ctrl & STREAM_TEST;
> diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
> index 6757720776..860859324a 100644
> --- a/target/microblaze/translate.c
> +++ b/target/microblaze/translate.c
> @@ -41,8 +41,6 @@
>  #  define LOG_DIS(...) do { } while (0)
>  #endif
>
> -#define D(x)
> -
>  #define EXTRACT_FIELD(src, start, end) \
>  (((src) >> start) & ((1 << (end - start + 1)) - 1))
>
> --
> 2.25.1
>
>
>

Re: [PATCH v2 23/76] target/microblaze: Rename env_* tcg variables to cpu_*

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:36, Richard Henderson 
a écrit :

> This is cpu_imm, cpu_btaken, cpu_iflags, cpu_res_addr and cpu_res_val.
> It is standard for these file-scope globals to begin with cpu_*.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  target/microblaze/translate.c | 54 +--
>  1 file changed, 27 insertions(+), 27 deletions(-)
>
> diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
> index ecfa6b86a4..9aa63ddcc5 100644
> --- a/target/microblaze/translate.c
> +++ b/target/microblaze/translate.c
> @@ -56,12 +56,12 @@
>  static TCGv_i32 cpu_R[32];
>  static TCGv_i32 cpu_pc;
>  static TCGv_i32 cpu_msr;
> -static TCGv_i32 env_imm;
> -static TCGv_i32 env_btaken;
> +static TCGv_i32 cpu_imm;
> +static TCGv_i32 cpu_btaken;
>  static TCGv_i32 cpu_btarget;
> -static TCGv_i32 env_iflags;
> -static TCGv env_res_addr;
> -static TCGv_i32 env_res_val;
> +static TCGv_i32 cpu_iflags;
> +static TCGv cpu_res_addr;
> +static TCGv_i32 cpu_res_val;
>
>  #include "exec/gen-icount.h"
>
> @@ -107,7 +107,7 @@ static inline void t_sync_flags(DisasContext *dc)
>  {
>  /* Synch the tb dependent flags between translator and runtime.  */
>  if (dc->tb_flags != dc->synced_flags) {
> -tcg_gen_movi_i32(env_iflags, dc->tb_flags);
> +tcg_gen_movi_i32(cpu_iflags, dc->tb_flags);
>  dc->synced_flags = dc->tb_flags;
>  }
>  }
> @@ -222,10 +222,10 @@ static inline TCGv_i32 *dec_alu_op_b(DisasContext
> *dc)
>  {
>  if (dc->type_b) {
>  if (dc->tb_flags & IMM_FLAG)
> -tcg_gen_ori_i32(env_imm, env_imm, dc->imm);
> +tcg_gen_ori_i32(cpu_imm, cpu_imm, dc->imm);
>  else
> -tcg_gen_movi_i32(env_imm, (int32_t)((int16_t)dc->imm));
> -return _imm;
> +tcg_gen_movi_i32(cpu_imm, (int32_t)((int16_t)dc->imm));
> +return _imm;
>  } else
>  return _R[dc->rb];
>  }
> @@ -859,7 +859,7 @@ static inline void sync_jmpstate(DisasContext *dc)
>  {
>  if (dc->jmp == JMP_DIRECT || dc->jmp == JMP_DIRECT_CC) {
>  if (dc->jmp == JMP_DIRECT) {
> -tcg_gen_movi_i32(env_btaken, 1);
> +tcg_gen_movi_i32(cpu_btaken, 1);
>  }
>  dc->jmp = JMP_INDIRECT;
>  tcg_gen_movi_i32(cpu_btarget, dc->jmp_pc);
> @@ -869,7 +869,7 @@ static inline void sync_jmpstate(DisasContext *dc)
>  static void dec_imm(DisasContext *dc)
>  {
>  LOG_DIS("imm %x\n", dc->imm << 16);
> -tcg_gen_movi_i32(env_imm, (dc->imm << 16));
> +tcg_gen_movi_i32(cpu_imm, (dc->imm << 16));
>  dc->tb_flags |= IMM_FLAG;
>  dc->clear_imm = 0;
>  }
> @@ -1040,8 +1040,8 @@ static void dec_load(DisasContext *dc)
>  }
>
>  if (ex) {
> -tcg_gen_mov_tl(env_res_addr, addr);
> -tcg_gen_mov_i32(env_res_val, v);
> +tcg_gen_mov_tl(cpu_res_addr, addr);
> +tcg_gen_mov_i32(cpu_res_val, v);
>  }
>  if (dc->rd) {
>  tcg_gen_mov_i32(cpu_R[dc->rd], v);
> @@ -1103,7 +1103,7 @@ static void dec_store(DisasContext *dc)
>
>  write_carryi(dc, 1);
>  swx_skip = gen_new_label();
> -tcg_gen_brcond_tl(TCG_COND_NE, env_res_addr, addr, swx_skip);
> +tcg_gen_brcond_tl(TCG_COND_NE, cpu_res_addr, addr, swx_skip);
>
>  /*
>   * Compare the value loaded at lwx with current contents of
> @@ -,11 +,11 @@ static void dec_store(DisasContext *dc)
>   */
>  tval = tcg_temp_new_i32();
>
> -tcg_gen_atomic_cmpxchg_i32(tval, addr, env_res_val,
> +tcg_gen_atomic_cmpxchg_i32(tval, addr, cpu_res_val,
> cpu_R[dc->rd], mem_index,
> mop);
>
> -tcg_gen_brcond_i32(TCG_COND_NE, env_res_val, tval, swx_skip);
> +tcg_gen_brcond_i32(TCG_COND_NE, cpu_res_val, tval, swx_skip);
>  write_carryi(dc, 0);
>  tcg_temp_free_i32(tval);
>  }
> @@ -1204,7 +1204,7 @@ static void eval_cond_jmp(DisasContext *dc, TCGv_i32
> pc_true, TCGv_i32 pc_false)
>  TCGv_i32 zero = tcg_const_i32(0);
>
>  tcg_gen_movcond_i32(TCG_COND_NE, cpu_pc,
> -env_btaken, zero,
> +cpu_btaken, zero,
>  pc_true, pc_false);
>
>  tcg_temp_free_i32(zero);
> @@ -1245,7 +1245,7 @@ static void dec_bcc(DisasContext *dc)
>  dc->jmp = JMP_INDIRECT;
>  tcg_gen_addi_i32(cpu_btarget, *dec_alu_op_b(dc), dc->pc);
>  }
> -eval_cc(dc, cc, env_btaken, cpu_R[dc->ra]);
> +eval_cc(dc, cc, cpu_btaken, cpu_R[dc->ra]);
>  }
>
>  static void dec_br(DisasContext *dc)
> @@ -1311,7 +1311,7 @@ static void dec_br(DisasContext *dc)
>
>  dc->jmp = JMP_INDIRECT;
>  if (abs) {
> -tcg_gen_movi_i32(env_btaken, 1);
> +tcg_gen_movi_i32(cpu_btaken, 1);
>  tcg_gen_mov_i32(cpu_btarget, *(dec_alu_op_b(dc)));
>  if (link && !dslot) {
>  if (!(dc->tb_flags 

Re: [PATCH v2 50/76] target/microblaze: Replace MSR_EE_FLAG with MSR_EE

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:42, Richard Henderson 
a écrit :

> There's no reason to define MSR_EE_FLAG; we can just use the
> original MSR_EE define.  Document the other flags copied into
> tb_flags with iflag to reserve those bits.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  target/microblaze/cpu.h   | 4 +++-
>  target/microblaze/translate.c | 4 ++--
>  2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
> index 013858b8e0..594501e4e7 100644
> --- a/target/microblaze/cpu.h
> +++ b/target/microblaze/cpu.h
> @@ -254,7 +254,9 @@ struct CPUMBState {
>
>  /* Internal flags.  */
>  #define IMM_FLAG   4
> -#define MSR_EE_FLAG (1 << 8)
> +/* MSR_EE   (1 << 8)  */
> +/* MSR_UM   (1 << 11) */
> +/* MSR_VM   (1 << 13) */
>  #define DRTI_FLAG  (1 << 16)
>  #define DRTE_FLAG  (1 << 17)
>  #define DRTB_FLAG  (1 << 18)
> diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
> index 72541905ec..1f6731e0af 100644
> --- a/target/microblaze/translate.c
> +++ b/target/microblaze/translate.c
> @@ -162,7 +162,7 @@ static void gen_goto_tb(DisasContext *dc, int n,
> target_ulong dest)
>   */
>  static bool trap_illegal(DisasContext *dc, bool cond)
>  {
> -if (cond && (dc->tb_flags & MSR_EE_FLAG)
> +if (cond && (dc->tb_flags & MSR_EE)
>  && dc->cpu->cfg.illegal_opcode_exception) {
>  gen_raise_hw_excp(dc, ESR_EC_ILLEGAL_OP);
>  }
> @@ -178,7 +178,7 @@ static bool trap_userspace(DisasContext *dc, bool cond)
>  int mem_index = cpu_mmu_index(>cpu->env, false);
>  bool cond_user = cond && mem_index == MMU_USER_IDX;
>
> -if (cond_user && (dc->tb_flags & MSR_EE_FLAG)) {
> +if (cond_user && (dc->tb_flags & MSR_EE)) {
>  gen_raise_hw_excp(dc, ESR_EC_PRIVINSN);
>  }
>  return cond_user;
> --
> 2.25.1
>
>
>

Re: [PATCH 00/20] RX target update

[Philippe Mathieu-Daudé]

Hello Yoshinori,

Le jeu. 27 août 2020 14:43, Yoshinori Sato  a
écrit :

> Hello.
> This series Renesas RX updates.
>
> It consists of the following contents.
> * Update firmware loader.
> * Rewrite peripheal modules (Timer and SCI).
>   - Unified SH4 module.
>   - Using clock API
> * New peripheal modules.
>   - On-chip clock generator.
>   - Multi-function timer.
>   - Ethernet MAC.
> * New real hardware target.
>   - TokushudenshiKairo TKDN-RX62N-BRD.
>   - CQ publishing CQ-FRK-RX62N
>

How can we test them?


> Yoshinori Sato (20):
>   loader.c: Add support Motrola S-record format.
>   include/elf.h: Add EM_RX.
>   hw/rx: Firmware and kernel loader.
>   hw/rx: New firmware loader.
>   hw/rx: Add RX62N Clock generator
>   hw/timer: Renesas 8bit timer emulation.
>   hw/rx: RX62N convert new 8bit timer.
>   hw/timer: Renesas TMU/CMT module.
>   hw/timer: Remove renesas_cmt.
>   hw/rx: Convert to renesas_timer
>   hw/char: Renesas SCI module.
>   hw/rx/rx62n: Use New SCI module.
>   hw/timer: Add Renesas MTU2
>   hw/rx/rx62n: RX62N Add MTU module
>   hw/net: Add generic Bit-bang MDIO PHY.
>   hw/net: Add Renesas On-chip Ethernet MAC
>   hw/rx/rx62n: Add Ethernet support.
>   hw/rx: Add Tokudenkairo TKDN-RX62N-BRD
>   hw/rx: Add CQ-FRK-RX62N target
>   MAINTAINERS: Update RX entry
>
>  default-configs/rx-softmmu.mak   |2 +
>  include/elf.h|2 +
>  include/hw/char/renesas_sci.h|  129 ++-
>  include/hw/loader.h  |   14 +
>  include/hw/net/mdio.h|  126 +++
>  include/hw/net/renesas_eth.h |   57 ++
>  include/hw/rx/loader.h   |   35 +
>  include/hw/rx/rx62n-cpg.h|   72 ++
>  include/hw/rx/rx62n.h|   36 +-
>  include/hw/timer/renesas_cmt.h   |   40 -
>  include/hw/timer/renesas_mtu.h   |   90 ++
>  include/hw/timer/renesas_timer.h |  103 +++
>  include/hw/timer/renesas_tmr.h   |   55 --
>  include/hw/timer/renesas_tmr8.h  |   67 ++
>  hw/char/renesas_sci.c| 1040 ++-
>  hw/core/loader.c |  208 +
>  hw/net/mdio.c|  264 ++
>  hw/net/renesas_eth.c |  875 
>  hw/rx/cq-frk-rx62n.c |   94 +++
>  hw/rx/loader.c   |  182 +
>  hw/rx/rx-gdbsim.c|   98 +--
>  hw/rx/rx62n-cpg.c|  344 
>  hw/rx/rx62n.c|  140 ++--
>  hw/rx/tkdn-rx62n.c   |  192 +
>  hw/timer/renesas_cmt.c   |  283 ---
>  hw/timer/renesas_mtu.c   | 1312 ++
>  hw/timer/renesas_timer.c |  639 +++
>  hw/timer/renesas_tmr.c   |  477 ---
>  hw/timer/renesas_tmr8.c  |  540 
>  MAINTAINERS  |2 +
>  hw/net/Kconfig   |8 +
>  hw/net/meson.build   |3 +
>  hw/rx/Kconfig|   16 +-
>  hw/rx/meson.build|5 +-
>  hw/timer/Kconfig |9 +-
>  hw/timer/meson.build |5 +-
>  36 files changed, 6391 insertions(+), 1173 deletions(-)
>  create mode 100644 include/hw/net/mdio.h
>  create mode 100644 include/hw/net/renesas_eth.h
>  create mode 100644 include/hw/rx/loader.h
>  create mode 100644 include/hw/rx/rx62n-cpg.h
>  delete mode 100644 include/hw/timer/renesas_cmt.h
>  create mode 100644 include/hw/timer/renesas_mtu.h
>  create mode 100644 include/hw/timer/renesas_timer.h
>  delete mode 100644 include/hw/timer/renesas_tmr.h
>  create mode 100644 include/hw/timer/renesas_tmr8.h
>  create mode 100644 hw/net/mdio.c
>  create mode 100644 hw/net/renesas_eth.c
>  create mode 100644 hw/rx/cq-frk-rx62n.c
>  create mode 100644 hw/rx/loader.c
>  create mode 100644 hw/rx/rx62n-cpg.c
>  create mode 100644 hw/rx/tkdn-rx62n.c
>  delete mode 100644 hw/timer/renesas_cmt.c
>  create mode 100644 hw/timer/renesas_mtu.c
>  create mode 100644 hw/timer/renesas_timer.c
>  delete mode 100644 hw/timer/renesas_tmr.c
>  create mode 100644 hw/timer/renesas_tmr8.c
>
> --
> 2.20.1
>
>
>

Re: [PATCH v2 09/76] target/microblaze: Split out FSR from env->sregs

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:25, Richard Henderson 
a écrit :

> Continue eliminating the sregs array in favor of individual members.
> Does not correct the width of FSR, yet.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  target/microblaze/cpu.h  | 1 +
>  linux-user/microblaze/cpu_loop.c | 4 ++--
>  target/microblaze/gdbstub.c  | 4 ++--
>  target/microblaze/op_helper.c| 8 
>  target/microblaze/translate.c| 6 --
>  5 files changed, 13 insertions(+), 10 deletions(-)
>
> diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
> index 7d94af43ed..bcafef99b0 100644
> --- a/target/microblaze/cpu.h
> +++ b/target/microblaze/cpu.h
> @@ -240,6 +240,7 @@ struct CPUMBState {
>  uint64_t msr;
>  uint64_t ear;
>  uint64_t esr;
> +uint64_t fsr;
>  uint64_t sregs[14];
>  float_status fp_status;
>  /* Stack protectors. Yes, it's a hw feature.  */
> diff --git a/linux-user/microblaze/cpu_loop.c
> b/linux-user/microblaze/cpu_loop.c
> index c10e3e0261..da5e98b784 100644
> --- a/linux-user/microblaze/cpu_loop.c
> +++ b/linux-user/microblaze/cpu_loop.c
> @@ -96,10 +96,10 @@ void cpu_loop(CPUMBState *env)
>  case ESR_EC_FPU:
>  info.si_signo = TARGET_SIGFPE;
>  info.si_errno = 0;
> -if (env->sregs[SR_FSR] & FSR_IO) {
> +if (env->fsr & FSR_IO) {
>  info.si_code = TARGET_FPE_FLTINV;
>  }
> -if (env->sregs[SR_FSR] & FSR_DZ) {
> +if (env->fsr & FSR_DZ) {
>  info.si_code = TARGET_FPE_FLTDIV;
>  }
>  info._sifields._sigfault._addr = 0;
> diff --git a/target/microblaze/gdbstub.c b/target/microblaze/gdbstub.c
> index 05e22f233d..2634ce49fc 100644
> --- a/target/microblaze/gdbstub.c
> +++ b/target/microblaze/gdbstub.c
> @@ -71,7 +71,7 @@ int mb_cpu_gdb_read_register(CPUState *cs, GByteArray
> *mem_buf, int n)
>  val = env->esr;
>  break;
>  case GDB_FSR:
> -val = env->sregs[SR_FSR];
> +val = env->fsr;
>  break;
>  case GDB_BTR:
>  val = env->sregs[SR_BTR];
> @@ -127,7 +127,7 @@ int mb_cpu_gdb_write_register(CPUState *cs, uint8_t
> *mem_buf, int n)
>  env->esr = tmp;
>  break;
>  case GDB_FSR:
> -env->sregs[SR_FSR] = tmp;
> +env->fsr = tmp;
>  break;
>  case GDB_BTR:
>  env->sregs[SR_BTR] = tmp;
> diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c
> index f01cf9be64..ae57d45536 100644
> --- a/target/microblaze/op_helper.c
> +++ b/target/microblaze/op_helper.c
> @@ -175,19 +175,19 @@ static void update_fpu_flags(CPUMBState *env, int
> flags)
>  int raise = 0;
>
>  if (flags & float_flag_invalid) {
> -env->sregs[SR_FSR] |= FSR_IO;
> +env->fsr |= FSR_IO;
>  raise = 1;
>  }
>  if (flags & float_flag_divbyzero) {
> -env->sregs[SR_FSR] |= FSR_DZ;
> +env->fsr |= FSR_DZ;
>  raise = 1;
>  }
>  if (flags & float_flag_overflow) {
> -env->sregs[SR_FSR] |= FSR_OF;
> +env->fsr |= FSR_OF;
>  raise = 1;
>  }
>  if (flags & float_flag_underflow) {
> -env->sregs[SR_FSR] |= FSR_UF;
> +env->fsr |= FSR_UF;
>  raise = 1;
>  }
>  if (raise
> diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
> index 411c7b6e49..c58c49ea8f 100644
> --- a/target/microblaze/translate.c
> +++ b/target/microblaze/translate.c
> @@ -1810,7 +1810,7 @@ void mb_cpu_dump_state(CPUState *cs, FILE *f, int
> flags)
>   "debug=%x imm=%x iflags=%x fsr=%" PRIx64 " "
>   "rbtr=%" PRIx64 "\n",
>   env->msr, env->esr, env->ear,
> - env->debug, env->imm, env->iflags, env->sregs[SR_FSR],
> + env->debug, env->imm, env->iflags, env->fsr,
>   env->sregs[SR_BTR]);
>  qemu_fprintf(f, "btaken=%d btarget=%" PRIx64 " mode=%s(saved=%s) "
>   "eip=%d ie=%d\n",
> @@ -1877,8 +1877,10 @@ void mb_tcg_init(void)
>  tcg_global_mem_new_i64(cpu_env, offsetof(CPUMBState, ear),
> "rear");
>  cpu_SR[SR_ESR] =
>  tcg_global_mem_new_i64(cpu_env, offsetof(CPUMBState, esr),
> "resr");
> +cpu_SR[SR_FSR] =
> +tcg_global_mem_new_i64(cpu_env, offsetof(CPUMBState, fsr),
> "rfsr");
>
> -for (i = SR_ESR + 1; i < ARRAY_SIZE(cpu_SR); i++) {
> +for (i = SR_FSR + 1; i < ARRAY_SIZE(cpu_SR); i++) {
>  cpu_SR[i] = tcg_global_mem_new_i64(cpu_env,
>offsetof(CPUMBState, sregs[i]),
>special_regnames[i]);
> --
> 2.25.1
>
>
>

Re: [PATCH v2 62/76] target/microblaze: Tidy mb_cpu_dump_state

[Philippe Mathieu-Daudé]

Hi Richard,

Le ven. 28 août 2020 16:46, Richard Henderson 
a écrit :

> Using lookup_symbol is quite slow; remove that.  Decode the
>

Can we add some runtime option to enable its use instead?

various bits of iflags; only show imm, btaken, btarget when
> they are relevant to iflags.  Improve formatting.
>
> Signed-off-by: Richard Henderson 
> ---
>  target/microblaze/translate.c | 67 +--
>  1 file changed, 41 insertions(+), 26 deletions(-)
>
> diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
> index 811c92d23b..3b63fd79e5 100644
> --- a/target/microblaze/translate.c
> +++ b/target/microblaze/translate.c
> @@ -1818,41 +1818,56 @@ void mb_cpu_dump_state(CPUState *cs, FILE *f, int
> flags)
>  {
>  MicroBlazeCPU *cpu = MICROBLAZE_CPU(cs);
>  CPUMBState *env = >env;
> +uint32_t iflags;
>  int i;
>
> -if (!env) {
> -return;
> -}
> -
> -qemu_fprintf(f, "IN: PC=%x %s\n",
> - env->pc, lookup_symbol(env->pc));
> -qemu_fprintf(f, "rmsr=%x resr=%x rear=%" PRIx64 " "
> - "imm=%x iflags=%x fsr=%x rbtr=%x\n",
> - env->msr, env->esr, env->ear,
> - env->imm, env->iflags, env->fsr, env->btr);
> -qemu_fprintf(f, "btaken=%d btarget=%x mode=%s(saved=%s) eip=%d
> ie=%d\n",
> - env->btaken, env->btarget,
> +qemu_fprintf(f, "pc=0x%08x msr=0x%05x mode=%s(saved=%s) eip=%d
> ie=%d\n",
> + env->pc, env->msr,
>   (env->msr & MSR_UM) ? "user" : "kernel",
>   (env->msr & MSR_UMS) ? "user" : "kernel",
>   (bool)(env->msr & MSR_EIP),
>   (bool)(env->msr & MSR_IE));
> -for (i = 0; i < 12; i++) {
> -qemu_fprintf(f, "rpvr%2.2d=%8.8x ", i, env->pvr.regs[i]);
> -if ((i + 1) % 4 == 0) {
> -qemu_fprintf(f, "\n");
> -}
> +
> +iflags = env->iflags;
> +qemu_fprintf(f, "iflags: 0x%08x", iflags);
> +if (iflags & IMM_FLAG) {
> +qemu_fprintf(f, " IMM(0x%08x)", env->imm);
> +}
> +if (iflags & BIMM_FLAG) {
> +qemu_fprintf(f, " BIMM");
> +}
> +if (iflags & D_FLAG) {
> +qemu_fprintf(f, " D(btaken=%d btarget=0x%08x)",
> + env->btaken, env->btarget);
> +}
> +if (iflags & DRTI_FLAG) {
> +qemu_fprintf(f, " DRTI");
> +}
> +if (iflags & DRTE_FLAG) {
> +qemu_fprintf(f, " DRTE");
> +}
> +if (iflags & DRTB_FLAG) {
> +qemu_fprintf(f, " DRTB");
> +}
> +if (iflags & ESR_ESS_FLAG) {
> +qemu_fprintf(f, " ESR_ESS(0x%04x)", iflags & ESR_ESS_MASK);
> +}
> +
> +qemu_fprintf(f, "\nesr=0x%04x fsr=0x%02x btr=0x%08x edr=0x%x\n"
> + "ear=0x%016" PRIx64 " slr=0x%x shr=0x%x\n",
> + env->esr, env->fsr, env->btr, env->edr,
> + env->ear, env->slr, env->shr);
> +
> +for (i = 0; i < 12; i++) {
> +qemu_fprintf(f, "rpvr%-2d=%08x%c",
> + i, env->pvr.regs[i], i % 4 == 3 ? '\n' : ' ');
>  }
>
> -/* Registers that aren't modeled are reported as 0 */
> -qemu_fprintf(f, "redr=%x rpid=0 rzpr=0 rtlbx=0 rtlbsx=0 "
> -"rtlblo=0 rtlbhi=0\n", env->edr);
> -qemu_fprintf(f, "slr=%x shr=%x\n", env->slr, env->shr);
>  for (i = 0; i < 32; i++) {
> -qemu_fprintf(f, "r%2.2d=%8.8x ", i, env->regs[i]);
> -if ((i + 1) % 4 == 0)
> -qemu_fprintf(f, "\n");
> -}
> -qemu_fprintf(f, "\n\n");
> +qemu_fprintf(f, "r%2.2d=%08x%c",
> + i, env->regs[i], i % 4 == 3 ? '\n' : ' ');
> +}
> +qemu_fprintf(f, "\n");
>  }
>
>  void mb_tcg_init(void)
> --
> 2.25.1
>
>
>

Re: [PATCH v2 3/7] target/cris: add CRISCPUClass->do_interrupt_locked

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> Adding ->do_interrupt_locked to CRISCPUClass is preparation for
> pushing the BQL down into the per-arch implementation of ->do_interrupt.
> 
> This is needed since Cris's *_cpu_exec_interrupt calls to *_do_interrupt.
> With the push down of the BQL into *_cpu_exec_interrupt and
> *_do_interrupt, *_cpu_exec_interrupt will call to ->do_interrupt
> with lock held.  Since ->do_interrupt also has the lock, we need a way
> to allow cpu_exec_interrupt to call do_interrupt with lock held.
> This patch solves the issue of *_cpu_exec_interrupt needing
> to call do_interrupt with lock held.
> 
> This patch is part of a series of transitions to move the
> BQL down into the do_interrupt per arch functions.  This set of
> transitions is needed to maintain bisectability.
> 
> This approach was suggested by Paolo Bonzini.
> For reference, here are two key posts in the discussion, explaining
> the reasoning/benefits of this approach.
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00784.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg01517.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg08731.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00044.html
> 
> Signed-off-by: Robert Foley 
> ---
>  target/cris/cpu-qom.h | 3 +++
>  target/cris/cpu.c | 6 ++
>  target/cris/helper.c  | 6 +++---
>  3 files changed, 12 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [PATCH 1/4] tracetool: add output filename command-line argument

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 16:30, Stefan Hajnoczi  a écrit :

> The tracetool.py script writes to stdout. This means the output filename
> is not available to the script. Add the output filename to the
> command-line so that the script has access to the filename.
>
> This also simplifies the tracetool.py invocation. It's no longer
> necessary to use meson's custom_build(capture : true) to save output.
>
> Signed-off-by: Stefan Hajnoczi 
> ---
>  docs/devel/tracing.txt|  3 ++-
>  meson.build   |  3 +--
>  scripts/tracetool.py  | 12 +++-
>  scripts/tracetool/__init__.py | 18 --
>  trace/meson.build | 23 ---
>  5 files changed, 34 insertions(+), 25 deletions(-)
>
> diff --git a/docs/devel/tracing.txt b/docs/devel/tracing.txt
> index 6144d9921b..c84d4c00ac 100644
> --- a/docs/devel/tracing.txt
> +++ b/docs/devel/tracing.txt
> @@ -318,7 +318,8 @@ probes:
>   --target-type system \
>   --target-name x86_64 \
>   --group=all \
> - trace-events-all >qemu.stp
> + trace-events-all \
> + qemu.stp
>
>  To facilitate simple usage of systemtap where there merely needs to be
> printf
>  logging of certain probes, a helper script "qemu-trace-stap" is provided.
> diff --git a/meson.build b/meson.build
> index f0fe5f8799..fadeb0c268 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1037,7 +1037,6 @@ foreach target : target_dirs
>  custom_target(exe_name + stp['ext'],
>input: trace_events_all,
>output: exe_name + stp['ext'],
> -  capture: true,
>install: stp['install'],
>install_dir: config_host['qemu_datadir'] /
> '../systemtap/tapset',
>command: [
> @@ -1046,7 +1045,7 @@ foreach target : target_dirs
>  '--target-name=' + target_name,
>  '--target-type=' + target_type,
>  '--probe-prefix=qemu.' + target_type + '.' +
> target_name,
> -'@INPUT@',
> +'@INPUT@', '@OUTPUT@'
>])
>endforeach
>  endif
> diff --git a/scripts/tracetool.py b/scripts/tracetool.py
> index 31146242b7..ab7653a5ce 100644
> --- a/scripts/tracetool.py
> +++ b/scripts/tracetool.py
> @@ -16,7 +16,7 @@ __email__  = "stefa...@redhat.com"
>  import sys
>  import getopt
>
> -from tracetool import error_write, out
> +from tracetool import error_write, out, out_open
>  import tracetool.backend
>  import tracetool.format
>
> @@ -32,7 +32,7 @@ def error_opt(msg = None):
>  format_descr = "\n".join([ "%-15s %s" % (n, d)
> for n,d in tracetool.format.get_list() ])
>  error_write("""\
> -Usage: %(script)s --format= --backends= []
> +Usage: %(script)s --format= --backends= []
>  ... 
>
>  Backends:
>  %(backends)s
> @@ -135,13 +135,15 @@ def main(args):
>  if probe_prefix is None:
>  probe_prefix = ".".join(["qemu", target_type, target_name])
>
> -if len(args) < 1:
> -error_opt("missing trace-events filepath")
> +if len(args) < 2:
> +error_opt("missing trace-events and output filepaths")
>  events = []
> -for arg in args:
> +for arg in args[:-1]:
>  with open(arg, "r") as fh:
>  events.extend(tracetool.read_events(fh, arg))
>
> +out_open(args[-1])
> +
>  try:
>  tracetool.generate(events, arg_group, arg_format, arg_backends,
> binary=binary, probe_prefix=probe_prefix)
> diff --git a/scripts/tracetool/__init__.py b/scripts/tracetool/__init__.py
> index 3ccfa1e116..98104fa50e 100644
> --- a/scripts/tracetool/__init__.py
> +++ b/scripts/tracetool/__init__.py
> @@ -31,14 +31,28 @@ def error(*lines):
>  sys.exit(1)
>
>
> +out_filename = ''
> +out_fobj = sys.stdout
>

These appear to be always overwritten (is initialization useful?)

Anyway:
Reviewed-by: Philippe Mathieu-Daudé 

+
> +def out_open(filename):
> +global out_filename, out_fobj
> +out_filename = filename
> +out_fobj = open(filename, 'wt')
> +
>  def out(*lines, **kwargs):
>  """Write a set of output lines.
>
>  You can use kwargs as a shorthand for mapping variables when
> formating all
>  the strings in lines.
> +
> +The 'out_filename' kwarg is automatically added with the output
> filename.
>  """
> -lines = [ l % kwargs for l in lines ]
> -sys.stdout.writelines("\n".join(lines) + "\n")
> +output = []
> +for l in lines:
> +kwargs['out_filename'] = out_filename
> +output.append(l % kwargs)
> +
> +out_fobj.writelines("\n".join(output) + "\n")
>
>  # We only want to allow standard C types or fixed sized
>  # integer types. We don't want QEMU specific types
> 

Re: [PATCH v2 10/76] target/microblaze: Split out BTR from env->sregs

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:26, Richard Henderson 
a écrit :

> Continue eliminating the sregs array in favor of individual members.
> Does not correct the width of BTR, yet.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  target/microblaze/cpu.h   | 1 +
>  target/microblaze/gdbstub.c   | 4 ++--
>  target/microblaze/helper.c| 4 ++--
>  target/microblaze/translate.c | 6 --
>  4 files changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
> index bcafef99b0..deddb47abb 100644
> --- a/target/microblaze/cpu.h
> +++ b/target/microblaze/cpu.h
> @@ -241,6 +241,7 @@ struct CPUMBState {
>  uint64_t ear;
>  uint64_t esr;
>  uint64_t fsr;
> +uint64_t btr;
>  uint64_t sregs[14];
>  float_status fp_status;
>  /* Stack protectors. Yes, it's a hw feature.  */
> diff --git a/target/microblaze/gdbstub.c b/target/microblaze/gdbstub.c
> index 2634ce49fc..cde8c169bf 100644
> --- a/target/microblaze/gdbstub.c
> +++ b/target/microblaze/gdbstub.c
> @@ -74,7 +74,7 @@ int mb_cpu_gdb_read_register(CPUState *cs, GByteArray
> *mem_buf, int n)
>  val = env->fsr;
>  break;
>  case GDB_BTR:
> -val = env->sregs[SR_BTR];
> +val = env->btr;
>  break;
>  case GDB_PVR0 ... GDB_PVR11:
>  /* PVR12 is intentionally skipped */
> @@ -130,7 +130,7 @@ int mb_cpu_gdb_write_register(CPUState *cs, uint8_t
> *mem_buf, int n)
>  env->fsr = tmp;
>  break;
>  case GDB_BTR:
> -env->sregs[SR_BTR] = tmp;
> +env->btr = tmp;
>  break;
>  case GDB_PVR0 ... GDB_PVR11:
>  /* PVR12 is intentionally skipped */
> diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
> index ea290be780..b240dc76f6 100644
> --- a/target/microblaze/helper.c
> +++ b/target/microblaze/helper.c
> @@ -132,7 +132,7 @@ void mb_cpu_do_interrupt(CPUState *cs)
>  /* Exception breaks branch + dslot sequence?  */
>  if (env->iflags & D_FLAG) {
>  env->esr |= 1 << 12 ;
> -env->sregs[SR_BTR] = env->btarget;
> +env->btr = env->btarget;
>  }
>
>  /* Disable the MMU.  */
> @@ -160,7 +160,7 @@ void mb_cpu_do_interrupt(CPUState *cs)
>  if (env->iflags & D_FLAG) {
>  D(qemu_log("D_FLAG set at exception bimm=%d\n",
> env->bimm));
>  env->esr |= 1 << 12 ;
> -env->sregs[SR_BTR] = env->btarget;
> +env->btr = env->btarget;
>
>  /* Reexecute the branch.  */
>  env->regs[17] -= 4;
> diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
> index c58c49ea8f..469e1f103a 100644
> --- a/target/microblaze/translate.c
> +++ b/target/microblaze/translate.c
> @@ -1811,7 +1811,7 @@ void mb_cpu_dump_state(CPUState *cs, FILE *f, int
> flags)
>   "rbtr=%" PRIx64 "\n",
>   env->msr, env->esr, env->ear,
>   env->debug, env->imm, env->iflags, env->fsr,
> - env->sregs[SR_BTR]);
> + env->btr);
>  qemu_fprintf(f, "btaken=%d btarget=%" PRIx64 " mode=%s(saved=%s) "
>   "eip=%d ie=%d\n",
>   env->btaken, env->btarget,
> @@ -1879,8 +1879,10 @@ void mb_tcg_init(void)
>  tcg_global_mem_new_i64(cpu_env, offsetof(CPUMBState, esr),
> "resr");
>  cpu_SR[SR_FSR] =
>  tcg_global_mem_new_i64(cpu_env, offsetof(CPUMBState, fsr),
> "rfsr");
> +cpu_SR[SR_BTR] =
> +tcg_global_mem_new_i64(cpu_env, offsetof(CPUMBState, btr),
> "rbtr");
>
> -for (i = SR_FSR + 1; i < ARRAY_SIZE(cpu_SR); i++) {
> +for (i = SR_BTR + 1; i < ARRAY_SIZE(cpu_SR); i++) {
>  cpu_SR[i] = tcg_global_mem_new_i64(cpu_env,
>offsetof(CPUMBState, sregs[i]),
>special_regnames[i]);
> --
> 2.25.1
>
>
>

Re: [PATCH] Deprecate lm32 port

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 16:51, Thomas Huth  a écrit :

> On 27/08/2020 16.19, Peter Maydell wrote:
> > On Thu, 27 Aug 2020 at 14:52, Thomas Huth  wrote:
> >> What's next? moxie? ... apart from the tree-wide clean-ups and trivial
> >> fixes, moxie did not have any major updates since 2013 when it has been
> >> added, as far as I can see ... is anybody still using it?
> >
> > I was never very clear on how much use moxie had to start with...
> >
> > An extremely rough-and-ready guide to how well-loved a target
> > is might be "did it get converted to TranslatorOps?". Unconverted:
> >  * avr
> >  * cris
> >  * lm32 (deprecation in progress)
> >  * microblaze (rth just posted patches for this)
> >  * moxie
> >  * nios2
> >  * tilegx (deprecation in progress)
> >  * unicore32 (deprecation in progress)
>
> Another criteria might be: Do we have a tcg, qtest or acceptance test to
> check that the target is still working?
>

And to some extent "is there documentation publicly available?" as it makes
maintenance by others possible.


> - avr has an acceptance test
>
> - cris has tcg tests
>
> - lm32 has tcg tests
>
> - microblaze has acceptance tests (and one trivial qtest)
>
> - moxie ... has only one very trivial qtest (boot-serial-test)
>
> - nios2 has an acceptance test
>
> - tilegx does not have any tests at all
>
> - unicore32 does not have any tests at all
>   (not counting the trivial machine-none-test)
>
> So from that point of view, unicore32, tilegx and moxie are the
> candidates for deprecation.
>
> > I think dropping the moxie maintainer an email to ask about
> > the architecture's status wouldn't be a bad idea if you
> > wanted to start that ball rolling.
>
> Ok, good idea, I'll try to write a mail later today.
>
>  Thomas
>
>
>

Re: [PATCH v2] hw/arm/sbsa-ref: add "reg" property to DT cpu nodes

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 14:45, Leif Lindholm  a écrit :

> The sbsa-ref platform uses a minimal device tree to pass amount of memory
> as well as number of cpus to the firmware. However, when dumping that
> minimal dtb (with -M sbsa-virt,dumpdtb=), the resulting blob
> generates a warning when decompiled by dtc due to lack of reg property.
>
> Add a simple reg property per cpu, representing a 64-bit MPIDR_EL1.
>
> This also ends up being cleaner than having the firmware calculating its
> own IDs for generating APCI.
>
> Signed-off-by: Leif Lindholm 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>
> As per Graeme's feedback, properly represent the MPIDR topology info
> in the reg property rather than just counting cores (and update the
> commit message on why this is useful).
> I'm using the local helper function sbsa_ref_cpu_mp_affinity() for this,
> and moving it up somewhat rather than adding a forward declaration.
>
>  hw/arm/sbsa-ref.c | 29 +++--
>  1 file changed, 23 insertions(+), 6 deletions(-)
>
> diff --git a/hw/arm/sbsa-ref.c b/hw/arm/sbsa-ref.c
> index f030a416fd..3e65ded9a0 100644
> --- a/hw/arm/sbsa-ref.c
> +++ b/hw/arm/sbsa-ref.c
> @@ -138,6 +138,12 @@ static const int sbsa_ref_irqmap[] = {
>  [SBSA_EHCI] = 11,
>  };
>
> +static uint64_t sbsa_ref_cpu_mp_affinity(SBSAMachineState *sms, int idx)
> +{
> +uint8_t clustersz = ARM_DEFAULT_CPUS_PER_CLUSTER;
> +return arm_cpu_mp_affinity(idx, clustersz);
> +}
> +
>  /*
>   * Firmware on this machine only uses ACPI table to load OS, these limited
>   * device tree nodes are just to let firmware know the info which varies
> from
> @@ -183,14 +189,31 @@ static void create_fdt(SBSAMachineState *sms)
>  g_free(matrix);
>  }
>
> +/*
> + * From Documentation/devicetree/bindings/arm/cpus.yaml
> + *  On ARM v8 64-bit systems this property is required
> + *and matches the MPIDR_EL1 register affinity bits.
> + *
> + ** If cpus node's #address-cells property is set to 2
> + *
> + *  The first reg cell bits [7:0] must be set to
> + *  bits [39:32] of MPIDR_EL1.
> + *
> + *  The second reg cell bits [23:0] must be set to
> + *  bits [23:0] of MPIDR_EL1.
> + */
>  qemu_fdt_add_subnode(sms->fdt, "/cpus");
> +qemu_fdt_setprop_cell(sms->fdt, "/cpus", "#address-cells", 2);
> +qemu_fdt_setprop_cell(sms->fdt, "/cpus", "#size-cells", 0x0);
>
>  for (cpu = sms->smp_cpus - 1; cpu >= 0; cpu--) {
>  char *nodename = g_strdup_printf("/cpus/cpu@%d", cpu);
>  ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu));
>  CPUState *cs = CPU(armcpu);
> +uint64_t mpidr = sbsa_ref_cpu_mp_affinity(sms, cpu);
>
>  qemu_fdt_add_subnode(sms->fdt, nodename);
> +qemu_fdt_setprop_u64(sms->fdt, nodename, "reg", mpidr);
>
>  if (ms->possible_cpus->cpus[cs->cpu_index].props.has_node_id) {
>  qemu_fdt_setprop_cell(sms->fdt, nodename, "numa-node-id",
> @@ -717,12 +740,6 @@ static void sbsa_ref_init(MachineState *machine)
>  arm_load_kernel(ARM_CPU(first_cpu), machine, >bootinfo);
>  }
>
> -static uint64_t sbsa_ref_cpu_mp_affinity(SBSAMachineState *sms, int idx)
> -{
> -uint8_t clustersz = ARM_DEFAULT_CPUS_PER_CLUSTER;
> -return arm_cpu_mp_affinity(idx, clustersz);
> -}
> -
>  static const CPUArchIdList *sbsa_ref_possible_cpu_arch_ids(MachineState
> *ms)
>  {
>  unsigned int max_cpus = ms->smp.max_cpus;
> --
> 2.20.1
>
>
>

Re: [PATCH] libvhost-user: Add GCC_FMT_ATTR and fix format string

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 23:09, Stefan Weil  a écrit :

> Signed-off-by: Stefan Weil 
> ---
>  contrib/libvhost-user/libvhost-user.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/contrib/libvhost-user/libvhost-user.c
> b/contrib/libvhost-user/libvhost-user.c
> index 53f16bdf08..ff7ac876f4 100644
> --- a/contrib/libvhost-user/libvhost-user.c
> +++ b/contrib/libvhost-user/libvhost-user.c
> @@ -151,7 +151,7 @@ vu_request_to_string(unsigned int req)
>  }
>  }
>
> -static void
> +static void GCC_FMT_ATTR(2, 3)
>  vu_panic(VuDev *dev, const char *msg, ...)
>  {
>  char *buf = NULL;
> @@ -643,7 +643,7 @@ generate_faults(VuDev *dev) {
>
>  if (ioctl(dev->postcopy_ufd, UFFDIO_REGISTER, _struct)) {
>  vu_panic(dev, "%s: Failed to userfault region %d "
> -  "@%p + size:%zx offset: %zx: (ufd=%d)%s\n",
> +  "@%016"PRIx64" + size:%zx offset: %zx:
> (ufd=%d)%s\n",
>

I thought I had fixed this last month, but I don't have my email backlog,
so:
Reviewed-by: Philippe Mathieu-Daudé 

  __func__, i,
>   dev_region->mmap_addr,
>   dev_region->size, dev_region->mmap_offset,
> --
> 2.28.0
>
>
>

Re: [PATCH v2 07/76] target/microblaze: Split out EAR from env->sregs

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:23, Richard Henderson 
a écrit :

> Continue eliminating the sregs array in favor of individual members.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  target/microblaze/cpu.h   | 1 +
>  target/microblaze/gdbstub.c   | 4 ++--
>  target/microblaze/helper.c| 6 +++---
>  target/microblaze/op_helper.c | 8 
>  target/microblaze/translate.c | 6 --
>  5 files changed, 14 insertions(+), 11 deletions(-)
>
> diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
> index 36de61d9f9..c9035b410e 100644
> --- a/target/microblaze/cpu.h
> +++ b/target/microblaze/cpu.h
> @@ -238,6 +238,7 @@ struct CPUMBState {
>  uint32_t regs[32];
>  uint64_t pc;
>  uint64_t msr;
> +uint64_t ear;
>  uint64_t sregs[14];
>  float_status fp_status;
>  /* Stack protectors. Yes, it's a hw feature.  */
> diff --git a/target/microblaze/gdbstub.c b/target/microblaze/gdbstub.c
> index e4c4936a7a..e33a613efe 100644
> --- a/target/microblaze/gdbstub.c
> +++ b/target/microblaze/gdbstub.c
> @@ -65,7 +65,7 @@ int mb_cpu_gdb_read_register(CPUState *cs, GByteArray
> *mem_buf, int n)
>  val = env->msr;
>  break;
>  case GDB_EAR:
> -val = env->sregs[SR_EAR];
> +val = env->ear;
>  break;
>  case GDB_ESR:
>  val = env->sregs[SR_ESR];
> @@ -121,7 +121,7 @@ int mb_cpu_gdb_write_register(CPUState *cs, uint8_t
> *mem_buf, int n)
>  env->msr = tmp;
>  break;
>  case GDB_EAR:
> -env->sregs[SR_EAR] = tmp;
> +env->ear = tmp;
>  break;
>  case GDB_ESR:
>  env->sregs[SR_ESR] = tmp;
> diff --git a/target/microblaze/helper.c b/target/microblaze/helper.c
> index a18314540f..afe9634781 100644
> --- a/target/microblaze/helper.c
> +++ b/target/microblaze/helper.c
> @@ -85,7 +85,7 @@ bool mb_cpu_tlb_fill(CPUState *cs, vaddr address, int
> size,
>  qemu_log_mask(CPU_LOG_MMU, "mmu=%d miss v=%" VADDR_PRIx "\n",
>mmu_idx, address);
>
> -env->sregs[SR_EAR] = address;
> +env->ear = address;
>  switch (lu.err) {
>  case ERR_PROT:
>  env->sregs[SR_ESR] = access_type == MMU_INST_FETCH ? 17 : 16;
> @@ -145,7 +145,7 @@ void mb_cpu_do_interrupt(CPUState *cs)
>  qemu_log_mask(CPU_LOG_INT,
>"hw exception at pc=%" PRIx64 " ear=%" PRIx64 "
> "
>"esr=%" PRIx64 " iflags=%x\n",
> -  env->pc, env->sregs[SR_EAR],
> +  env->pc, env->ear,
>env->sregs[SR_ESR], env->iflags);
>  log_cpu_state_mask(CPU_LOG_INT, cs, 0);
>  env->iflags &= ~(IMM_FLAG | D_FLAG);
> @@ -188,7 +188,7 @@ void mb_cpu_do_interrupt(CPUState *cs)
>  qemu_log_mask(CPU_LOG_INT,
>"exception at pc=%" PRIx64 " ear=%" PRIx64 " "
>"iflags=%x\n",
> -  env->pc, env->sregs[SR_EAR], env->iflags);
> +  env->pc, env->ear, env->iflags);
>  log_cpu_state_mask(CPU_LOG_INT, cs, 0);
>  env->iflags &= ~(IMM_FLAG | D_FLAG);
>  env->pc = cpu->cfg.base_vectors + 0x20;
> diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c
> index 3668382d36..5bacd29663 100644
> --- a/target/microblaze/op_helper.c
> +++ b/target/microblaze/op_helper.c
> @@ -78,7 +78,7 @@ void helper_debug(CPUMBState *env)
>  qemu_log("PC=%" PRIx64 "\n", env->pc);
>  qemu_log("rmsr=%" PRIx64 " resr=%" PRIx64 " rear=%" PRIx64 " "
>   "debug[%x] imm=%x iflags=%x\n",
> - env->msr, env->sregs[SR_ESR], env->sregs[SR_EAR],
> + env->msr, env->sregs[SR_ESR], env->ear,
>   env->debug, env->imm, env->iflags);
>  qemu_log("btaken=%d btarget=%" PRIx64 " mode=%s(saved=%s) eip=%d
> ie=%d\n",
>   env->btaken, env->btarget,
> @@ -431,7 +431,7 @@ void helper_memalign(CPUMBState *env, target_ulong
> addr,
>"unaligned access addr=" TARGET_FMT_lx
>" mask=%x, wr=%d dr=r%d\n",
>addr, mask, wr, dr);
> -env->sregs[SR_EAR] = addr;
> +env->ear = addr;
>  env->sregs[SR_ESR] = ESR_EC_UNALIGNED_DATA | (wr << 10) \
>   | (dr & 31) << 5;
>  if (mask == 3) {
> @@ -450,7 +450,7 @@ void helper_stackprot(CPUMBState *env, target_ulong
> addr)
>  qemu_log_mask(CPU_LOG_INT, "Stack protector violation at "
>TARGET_FMT_lx " %x %x\n",
>addr, env->slr, env->shr);
> -env->sregs[SR_EAR] = addr;
> +env->ear = addr;
>  env->sregs[SR_ESR] = ESR_EC_STACKPROT;
>  helper_raise_exception(env, EXCP_HW_EXCP);
>  }
> @@ -488,7 +488,7 @@ void mb_cpu_transaction_failed(CPUState *cs, hwaddr
> physaddr, vaddr 

Re: [PATCH] docs/system: Fix grammar in documentation

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 19:31, Stefan Weil  a écrit :

> Signed-off-by: Stefan Weil 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  docs/system/build-platforms.rst | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/docs/system/build-platforms.rst
> b/docs/system/build-platforms.rst
> index c2b92a9698..9734eba2f1 100644
> --- a/docs/system/build-platforms.rst
> +++ b/docs/system/build-platforms.rst
> @@ -57,12 +57,12 @@ macOS
>  -
>
>  The project supports building with the two most recent versions of
> -macOS, with the current homebrew package set available.
> +macOS, with the current Homebrew package set available.
>
>  FreeBSD
>  ---
>
> -The project aims to support the all the versions which are not end of
> +The project aims to support all versions which are not end of
>  life.
>
>  NetBSD
> @@ -75,5 +75,5 @@ new major version is released.
>  OpenBSD
>  ---
>
> -The project aims to support the all the versions which are not end of
> +The project aims to support all versions which are not end of
>  life.
> --
> 2.28.0
>
>
>

Re: [PATCH] hw/ide: check null block pointer before blk_drain

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 13:47, P J P  a écrit :

> From: Prasad J Pandit 
>
> While cancelling an i/o operation via ide_cancel_dma_sync(),
> check for null block pointer before calling blk_drain(). Avoid
> null pointer dereference.
>
>  ->
> https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
> ==1803100==Hint: address points to the zero page.
> #0 blk_bs ../block/block-backend.c:714
> #1 blk_drain ../block/block-backend.c:1715
> #2 ide_cancel_dma_sync ../hw/ide/core.c:723
> #3 bmdma_cmd_writeb ../hw/ide/pci.c:298
> #4 bmdma_write ../hw/ide/piix.c:75
> #5 memory_region_write_accessor ../softmmu/memory.c:483
> #6 access_with_adjusted_size ../softmmu/memory.c:544
> #7 memory_region_dispatch_write ../softmmu/memory.c:1465
> #8 flatview_write_continue ../exec.c:3176
> ...
>
> Reported-by: Ruhr-University 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/ide/core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index d997a78e47..038af1cd6b 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -718,7 +718,7 @@ void ide_cancel_dma_sync(IDEState *s)
>   * whole DMA operation will be submitted to disk with a single
>   * aio operation with preadv/pwritev.
>   */
> -if (s->bus->dma->aiocb) {
> +if (s->blk && s->bus->dma->aiocb) {
>

But s->blk mustn't be null here... IMHO we should assert() here and add a
check earlier.

Don't we already have a Launchpad bug for this BTW?

 trace_ide_cancel_dma_sync_remaining();
>  blk_drain(s->blk);
>  assert(s->bus->dma->aiocb == NULL);
> --
> 2.26.2
>
>
>

Re: [PATCH 3/3] tcg: Implement 256-bit dup for tcg_gen_gvec_dup_mem

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 20:04, Richard Henderson 
a écrit :

> We already support duplication of 128-bit blocks.  This extends
> that support to 256-bit blocks.  This will be needed by SVE2.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  tcg/tcg-op-gvec.c | 52 ---
>  1 file changed, 49 insertions(+), 3 deletions(-)
>
> diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
> index fcc25b04e6..7ebd9e8298 100644
> --- a/tcg/tcg-op-gvec.c
> +++ b/tcg/tcg-op-gvec.c
> @@ -1570,12 +1570,10 @@ void tcg_gen_gvec_dup_mem(unsigned vece, uint32_t
> dofs, uint32_t aofs,
>  do_dup(vece, dofs, oprsz, maxsz, NULL, in, 0);
>  tcg_temp_free_i64(in);
>  }
> -} else {
> +} else if (vece == 4) {
>  /* 128-bit duplicate.  */
> -/* ??? Dup to 256-bit vector.  */
>  int i;
>
> -tcg_debug_assert(vece == 4);
>  tcg_debug_assert(oprsz >= 16);
>  if (TCG_TARGET_HAS_v128) {
>  TCGv_vec in = tcg_temp_new_vec(TCG_TYPE_V128);
> @@ -1601,6 +1599,54 @@ void tcg_gen_gvec_dup_mem(unsigned vece, uint32_t
> dofs, uint32_t aofs,
>  if (oprsz < maxsz) {
>  expand_clr(dofs + oprsz, maxsz - oprsz);
>  }
> +} else if (vece == 5) {
> +/* 256-bit duplicate.  */
> +int i;
> +
> +tcg_debug_assert(oprsz >= 32);
> +tcg_debug_assert(oprsz % 32 == 0);
> +if (TCG_TARGET_HAS_v256) {
> +TCGv_vec in = tcg_temp_new_vec(TCG_TYPE_V256);
> +
> +tcg_gen_ld_vec(in, cpu_env, aofs);
> +for (i = (aofs == dofs) * 32; i < oprsz; i += 32) {
> +tcg_gen_st_vec(in, cpu_env, dofs + i);
> +}
> +tcg_temp_free_vec(in);
> +} else if (TCG_TARGET_HAS_v128) {
> +TCGv_vec in0 = tcg_temp_new_vec(TCG_TYPE_V128);
> +TCGv_vec in1 = tcg_temp_new_vec(TCG_TYPE_V128);
> +
> +tcg_gen_ld_vec(in0, cpu_env, aofs);
> +tcg_gen_ld_vec(in1, cpu_env, aofs + 16);
> +for (i = (aofs == dofs) * 32; i < oprsz; i += 32) {
> +tcg_gen_st_vec(in0, cpu_env, dofs + i);
> +tcg_gen_st_vec(in1, cpu_env, dofs + i + 16);
> +}
> +tcg_temp_free_vec(in0);
> +tcg_temp_free_vec(in1);
> +} else {
> +TCGv_i64 in[4];
> +int j;
> +
> +for (j = 0; j < 4; ++j) {
> +in[j] = tcg_temp_new_i64();
> +tcg_gen_ld_i64(in[j], cpu_env, aofs + j * 8);
> +}
> +for (i = (aofs == dofs) * 32; i < oprsz; i += 32) {
> +for (j = 0; j < 4; ++j) {
> +tcg_gen_st_i64(in[j], cpu_env, dofs + i + j * 8);
> +}
> +}
> +for (j = 0; j < 4; ++j) {
> +tcg_temp_free_i64(in[j]);
> +}
> +}
> +if (oprsz < maxsz) {
> +expand_clr(dofs + oprsz, maxsz - oprsz);
> +}
> +} else {
> +g_assert_not_reached();
>  }
>  }
>
> --
> 2.25.1
>
>
>

Re: [PATCH 3/4] tracetool: add input filename and line number to Event

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 16:32, Stefan Hajnoczi  a écrit :

> Store the input filename and line number in Event.
>
> A later patch will use this to improve error messages.
>
> Signed-off-by: Stefan Hajnoczi 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  scripts/tracetool/__init__.py | 27 ++-
>  1 file changed, 22 insertions(+), 5 deletions(-)
>
> diff --git a/scripts/tracetool/__init__.py b/scripts/tracetool/__init__.py
> index e4ee4d5e61..1a6e2fa64a 100644
> --- a/scripts/tracetool/__init__.py
> +++ b/scripts/tracetool/__init__.py
> @@ -218,6 +218,10 @@ class Event(object):
>  Properties of the event.
>  args : Arguments
>  The event arguments.
> +lineno : int
> +The line number in the input file.
> +filename : str
> +The path to the input file.
>
>  """
>
> @@ -230,7 +234,7 @@ class Event(object):
>
>  _VALID_PROPS = set(["disable", "tcg", "tcg-trans", "tcg-exec",
> "vcpu"])
>
> -def __init__(self, name, props, fmt, args, orig=None,
> +def __init__(self, name, props, fmt, args, lineno, filename,
> orig=None,
>   event_trans=None, event_exec=None):
>  """
>  Parameters
> @@ -243,6 +247,10 @@ class Event(object):
>  Event printing format string(s).
>  args : Arguments
>  Event arguments.
> +lineno : int
> +The line number in the input file.
> +filename : str
> +The path to the input file.
>  orig : Event or None
>  Original Event before transformation/generation.
>  event_trans : Event or None
> @@ -255,6 +263,8 @@ class Event(object):
>  self.properties = props
>  self.fmt = fmt
>  self.args = args
> +self.lineno = int(lineno)
> +self.filename = str(filename)
>  self.event_trans = event_trans
>  self.event_exec = event_exec
>
> @@ -276,16 +286,21 @@ class Event(object):
>  def copy(self):
>  """Create a new copy."""
>  return Event(self.name, list(self.properties), self.fmt,
> - self.args.copy(), self, self.event_trans,
> self.event_exec)
> + self.args.copy(), self.lineno, self.filename,
> + self, self.event_trans, self.event_exec)
>
>  @staticmethod
> -def build(line_str):
> +def build(line_str, lineno, filename):
>  """Build an Event instance from a string.
>
>  Parameters
>  --
>  line_str : str
>  Line describing the event.
> +lineno : int
> +Line number in input file.
> +filename : str
> +Path to input file.
>  """
>  m = Event._CRE.match(line_str)
>  assert m is not None
> @@ -315,7 +330,7 @@ class Event(object):
>  if "tcg" in props and isinstance(fmt, str):
>  raise ValueError("Events with 'tcg' property must have two
> format strings")
>
> -event = Event(name, props, fmt, args)
> +event = Event(name, props, fmt, args, lineno, filename)
>
>  # add implicit arguments when using the 'vcpu' property
>  import tracetool.vcpu
> @@ -360,6 +375,8 @@ class Event(object):
>   list(self.properties),
>   self.fmt,
>   self.args.transform(*trans),
> + self.lineno,
> + self.filename,
>   self)
>
>
> @@ -386,7 +403,7 @@ def read_events(fobj, fname):
>  continue
>
>  try:
> -event = Event.build(line)
> +event = Event.build(line, lineno, fname)
>  except ValueError as e:
>  arg0 = 'Error at %s:%d: %s' % (fname, lineno, e.args[0])
>  e.args = (arg0,) + e.args[1:]
> --
> 2.26.2
>
>

Re: [PATCH] Deprecate lm32 port

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 14:07, Michael Walle  a écrit :

> Am 27. August 2020 13:32:59 MESZ schrieb Peter Maydell <
> peter.mayd...@linaro.org>:
> >Deprecate our lm32 target support. Michael Walle (former lm32
> >maintainer)
> >suggested that we do this in 2019:
> > https://www.mail-archive.com/qemu-devel@nongnu.org/msg605024.html
> >because the only public user of the architecture is the many-years-dead
> >milkymist project. (The Linux port to lm32 was never merged upstream.)
> >
> >In commit 4b4d96c776f552e (March 2020) we marked it as 'orphan' in
> >the MAINTAINERS file, but didn't officially deprecate it. Mark it
> >deprecated now, with the intention of removing it from QEMU in
> >mid-2021 before the 6.1 release.
> >
> >Signed-off-by: Peter Maydell 
>
> Acked-by: Michael Walle 
>

Thanks Michael for your contributions. I could learn few things looking at
the code and the git history.

Reviewed-by: Philippe Mathieu-Daudé 


> Thanks,
> -michael
>
>
>

Re: [PATCH 12/16] tests: do not print benchmark output to stdout

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 13:11,  a écrit :

> From: Marc-André Lureau 
>
> As this makes the TAP output invalid. Use g_test_message().
>
> Signed-off-by: Marc-André Lureau 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  tests/benchmark-crypto-cipher.c | 8 
>  tests/benchmark-crypto-hash.c   | 2 +-
>  tests/benchmark-crypto-hmac.c   | 8 
>  3 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/tests/benchmark-crypto-cipher.c
> b/tests/benchmark-crypto-cipher.c
> index 53032334ec..1936aa4ae0 100644
> --- a/tests/benchmark-crypto-cipher.c
> +++ b/tests/benchmark-crypto-cipher.c
> @@ -70,8 +70,8 @@ static void test_cipher_speed(size_t chunk_size,
>  }
>  g_test_timer_elapsed();
>
> -g_print("Enc chunk %zu bytes ", chunk_size);
> -g_print("%.2f MB/sec ", (double)total / MiB / g_test_timer_last());
> +g_test_message("Enc chunk %zu bytes ", chunk_size);
> +g_test_message("%.2f MB/sec ", (double)total / MiB /
> g_test_timer_last());
>
>  g_test_timer_start();
>  remain = total;
> @@ -85,8 +85,8 @@ static void test_cipher_speed(size_t chunk_size,
>  }
>  g_test_timer_elapsed();
>
> -g_print("Dec chunk %zu bytes ", chunk_size);
> -g_print("%.2f MB/sec ", (double)total / MiB / g_test_timer_last());
> +g_test_message("Dec chunk %zu bytes ", chunk_size);
> +g_test_message("%.2f MB/sec ", (double)total / MiB /
> g_test_timer_last());
>
>  qcrypto_cipher_free(cipher);
>  g_free(plaintext);
> diff --git a/tests/benchmark-crypto-hash.c b/tests/benchmark-crypto-hash.c
> index d16837d00a..598111e75a 100644
> --- a/tests/benchmark-crypto-hash.c
> +++ b/tests/benchmark-crypto-hash.c
> @@ -48,7 +48,7 @@ static void test_hash_speed(const void *opaque)
>  }
>  g_test_timer_elapsed();
>
> -g_print("%.2f MB/sec ", (double)total / MiB / g_test_timer_last());
> +g_test_message("%.2f MB/sec ", (double)total / MiB /
> g_test_timer_last());
>
>  g_free(out);
>  g_free(in);
> diff --git a/tests/benchmark-crypto-hmac.c b/tests/benchmark-crypto-hmac.c
> index f1dfa240cb..f9fa22df95 100644
> --- a/tests/benchmark-crypto-hmac.c
> +++ b/tests/benchmark-crypto-hmac.c
> @@ -55,10 +55,10 @@ static void test_hmac_speed(const void *opaque)
>  } while (g_test_timer_elapsed() < 5.0);
>
>  total /= MiB;
> -g_print("hmac(sha256): ");
> -g_print("Testing chunk_size %zu bytes ", chunk_size);
> -g_print("done: %.2f MB in %.2f secs: ", total, g_test_timer_last());
> -g_print("%.2f MB/sec\n", total / g_test_timer_last());
> +g_test_message("hmac(sha256): ");
> +g_test_message("Testing chunk_size %zu bytes ", chunk_size);
> +g_test_message("done: %.2f MB in %.2f secs: ", total,
> g_test_timer_last());
> +g_test_message("%.2f MB/sec\n", total / g_test_timer_last());
>
>  g_free(out);
>  g_free(in);
> --
> 2.26.2
>
>
>

[PATCH v4 15/18] [automated] Use OBJECT_DECLARE_TYPE where possible

[Eduardo Habkost]

Replace DECLARE_OBJ_CHECKERS with OBJECT_DECLARE_TYPE where the
typedefs can be safely removed.

Generated running:

$ ./scripts/codeconverter/converter.py -i \
  --pattern=DeclareObjCheckers $(git grep -l '' -- '*.[ch]')

Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes v2 -> v3:
* Removed hunks due to rebase conflict: include/hw/ppc/xive.h
  include/hw/arm/armsse.h
* Reviewed-by line from Daniel was kept, as no additional hunks
  are introduced in this version

Changes v1 -> v2:
* Script re-run after typedefs and macros were moved, and now the
  patch also touches:
  - TYPE_ARM_SSE
  - TYPE_SD_BUS

Signed-off-by: Eduardo Habkost 

---
Cc: "Marc-André Lureau" 
Cc: Gerd Hoffmann 
Cc: "Michael S. Tsirkin" 
Cc: "Daniel P. Berrangé" 
Cc: Peter Maydell 
Cc: Corey Minyard 
Cc: "Cédric Le Goater" 
Cc: David Gibson 
Cc: Cornelia Huck 
Cc: Thomas Huth 
Cc: Halil Pasic 
Cc: Christian Borntraeger 
Cc: "Philippe Mathieu-Daudé" 
Cc: Alistair Francis 
Cc: David Hildenbrand 
Cc: Laurent Vivier 
Cc: Amit Shah 
Cc: Stefano Stabellini 
Cc: Anthony Perard 
Cc: Paul Durrant 
Cc: Paolo Bonzini 
Cc: Fam Zheng 
Cc: "Gonglei (Arei)" 
Cc: Eduardo Habkost 
Cc: Igor Mammedov 
Cc: Stefan Berger 
Cc: Richard Henderson 
Cc: Michael Rolnik 
Cc: Sarah Harris 
Cc: "Edgar E. Iglesias" 
Cc: Michael Walle 
Cc: Aleksandar Markovic 
Cc: Aurelien Jarno 
Cc: Jiaxun Yang 
Cc: Aleksandar Rikalo 
Cc: Anthony Green 
Cc: Chris Wulff 
Cc: Marek Vasut 
Cc: Stafford Horne 
Cc: Palmer Dabbelt 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Cc: Yoshinori Sato 
Cc: Mark Cave-Ayland 
Cc: Artyom Tarasenko 
Cc: Guan Xuetao 
Cc: Max Filippov 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: qemu-...@nongnu.org
Cc: qemu-s3...@nongnu.org
Cc: qemu-bl...@nongnu.org
Cc: xen-de...@lists.xenproject.org
Cc: qemu-ri...@nongnu.org

Signed-off-by: Eduardo Habkost 
---
 hw/audio/intel-hda.h| 6 ++
 hw/display/virtio-vga.h | 6 ++
 include/authz/base.h| 6 ++
 include/authz/list.h| 6 ++
 include/authz/listfile.h| 6 ++
 include/authz/pamacct.h | 6 ++
 include/authz/simple.h  | 6 ++
 include/crypto/secret_common.h  | 6 ++
 include/crypto/secret_keyring.h | 6 ++
 include/hw/hyperv/vmbus.h   | 6 ++
 include/hw/i2c/i2c.h| 6 ++
 include/hw/i2c/smbus_slave.h| 6 ++
 include/hw/ipack/ipack.h| 6 ++
 include/hw/ipmi/ipmi.h  | 6 ++
 include/hw/mem/pc-dimm.h| 6 ++
 include/hw/ppc/pnv.h| 6 ++
 include/hw/ppc/pnv_core.h   | 6 ++
 include/hw/ppc/pnv_homer.h  | 6 ++
 include/hw/ppc/pnv_occ.h| 6 ++
 include/hw/ppc/pnv_psi.h| 6 ++
 include/hw/ppc/pnv_xive.h   | 6 ++
 include/hw/ppc/spapr_cpu_core.h | 6 ++
 include/hw/ppc/spapr_drc.h  | 6 ++
 include/hw/ppc/spapr_vio.h  | 6 ++
 include/hw/ppc/spapr_xive.h | 6 ++
 include/hw/ppc/xics.h   | 6 ++
 include/hw/s390x/event-facility.h   | 6 ++
 include/hw/s390x/s390_flic.h| 6 ++
 include/hw/s390x/sclp.h | 6 ++
 include/hw/sd/sd.h  | 6 ++
 include/hw/ssi/ssi.h| 6 ++
 include/hw/sysbus.h | 6 ++
 include/hw/virtio/virtio-gpu.h  | 6 ++
 include/hw/virtio/virtio-input.h| 6 ++
 include/hw/virtio/virtio-mem.h  | 6 ++
 include/hw/virtio/virtio-pmem.h | 6 ++
 include/hw/virtio/virtio-serial.h   | 6 ++
 include/hw/xen/xen-bus.h| 6 ++
 include/io/channel.h| 6 ++
 include/io/dns-resolver.h   | 6 ++
 include/io/net-listener.h   | 6 ++
 include/scsi/pr-manager.h   | 6 ++
 include/sysemu/cryptodev.h  | 6 ++
 include/sysemu/hostmem.h| 6 ++
 include/sysemu/rng.h| 6 ++
 include/sysemu/tpm_backend.h| 6 ++
 include/sysemu/vhost-user-backend.h | 6 ++
 target/alpha/cpu-qom.h  | 6 ++
 target/arm/cpu-qom.h| 6 ++
 target/avr/cpu-qom.h| 6 ++
 target/cris/cpu-qom.h   | 6 ++
 target/hppa/cpu-qom.h   | 6 ++
 target/i386/cpu-qom.h   | 6 ++
 target/lm32/cpu-qom.h   | 6 ++
 target/m68k/cpu-qom.h   | 6 ++
 target/microblaze/cpu-qom.h | 6 ++
 target/mips/cpu-qom.h   | 6 ++
 target/moxie/cpu.h  | 6 ++
 target/nios2/cpu.h  | 6 ++
 target/openrisc/cpu.h   | 6 ++
 target/ppc/cpu-qom.h| 6 ++
 target/riscv/cpu.h  | 6 ++
 target/s390x/cpu-qom.h  | 6 ++
 target/sh4/cpu-qom.h| 6 ++
 target/sparc/cpu-qom.h

Re: [PATCH] main-loop: Fix comment

[Philippe Mathieu-Daudé]

Le jeu. 27 août 2020 19:55, Stefan Weil  a écrit :

> Signed-off-by: Stefan Weil 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  include/qemu/main-loop.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
> index 8e98613656..d6892fd208 100644
> --- a/include/qemu/main-loop.h
> +++ b/include/qemu/main-loop.h
> @@ -52,7 +52,7 @@ int qemu_init_main_loop(Error **errp);
>   * repeatedly calls main_loop_wait(false).
>   *
>   * Main loop services include file descriptor callbacks, bottom halves
> - * and timers (defined in qemu-timer.h).  Bottom halves are similar to
> timers
> + * and timers (defined in qemu/timer.h).  Bottom halves are similar to
> timers
>   * that execute immediately, but have a lower overhead and scheduling them
>   * is wait-free, thread-safe and signal-safe.
>   *
> --
> 2.28.0
>
>

Re: [PATCH v2 2/7] target/arm: add ARMCPUClass->do_interrupt_locked

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> Adding ->do_interrupt_locked to ARMCPUClass is preparation for
> pushing the BQL down into the per-arch implementation of ->do_interrupt.
> 
> This is needed since ARM's *_cpu_exec_interrupt calls to *_do_interrupt.
> With the push down of the BQL into *_cpu_exec_interrupt and
> *_do_interrupt, *_cpu_exec_interrupt will call to ->do_interrupt
> with lock held.  Since ->do_interrupt also has the lock, we need a way
> to allow cpu_exec_interrupt to call do_interrupt with lock held.
> This patch solves this issue of *_cpu_exec_interrupt needing
> to call do_interrupt with lock held.
> 
> This patch is part of a series of transitions to move the
> BQL down into the do_interrupt per arch functions.  This set of
> transitions is needed to maintain bisectability.
> 
> This approach was suggested by Paolo Bonzini.
> For reference, here are two key posts in the discussion, explaining
> the reasoning/benefits of this approach.
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00784.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg01517.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg08731.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00044.html
> 
> Signed-off-by: Robert Foley 
> ---
>  target/arm/cpu-qom.h | 3 +++
>  target/arm/cpu.c | 5 +++--
>  target/arm/cpu_tcg.c | 5 +++--
>  3 files changed, 9 insertions(+), 4 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [PATCH v2 02/76] tests/tcg: Do not require FE_TOWARDZERO

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:22, Richard Henderson 
a écrit :

> This is optional in ISO C, and not all cpus provide it.
>
> Reviewed-by: Edgar E. Iglesias 
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  tests/tcg/multiarch/float_convs.c | 2 ++
>  tests/tcg/multiarch/float_madds.c | 2 ++
>  2 files changed, 4 insertions(+)
>
> diff --git a/tests/tcg/multiarch/float_convs.c
> b/tests/tcg/multiarch/float_convs.c
> index 47e24b8b16..e9be75c2d5 100644
> --- a/tests/tcg/multiarch/float_convs.c
> +++ b/tests/tcg/multiarch/float_convs.c
> @@ -30,7 +30,9 @@ float_mapping round_flags[] = {
>  #ifdef FE_DOWNWARD
>  { FE_DOWNWARD, "downwards" },
>  #endif
> +#ifdef FE_TOWARDZERO
>  { FE_TOWARDZERO, "to zero" }
> +#endif
>  };
>
>  static void print_input(float input)
> diff --git a/tests/tcg/multiarch/float_madds.c
> b/tests/tcg/multiarch/float_madds.c
> index eceb4ae38b..e422608ccd 100644
> --- a/tests/tcg/multiarch/float_madds.c
> +++ b/tests/tcg/multiarch/float_madds.c
> @@ -29,7 +29,9 @@ float_mapping round_flags[] = {
>  #ifdef FE_DOWNWARD
>  { FE_DOWNWARD, "downwards" },
>  #endif
> +#ifdef FE_TOWARDZERO
>  { FE_TOWARDZERO, "to zero" }
> +#endif
>  };
>
>
> --
> 2.25.1
>
>
>

[PATCH v4 17/18] [automated] Use OBJECT_DECLARE_TYPE where possible (pass 3)

[Eduardo Habkost]

Replace DECLARE_OBJ_CHECKERS with OBJECT_DECLARE_TYPE where the
typedefs can be safely removed.

Generated running:

$ ./scripts/codeconverter/converter.py -i \
  --pattern=DeclareObjCheckers $(git grep -l '' -- '*.[ch]')

Signed-off-by: Eduardo Habkost 
---
Changes series v3 -> v4: this is a new patch added in series v4

The script was re-run after series rebase.

This is being submitted as a separate patch to make review
easier, but it can be squashed into the previous patch once it
gets reviewed.
---
Cc: Peter Maydell 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 include/hw/arm/armsse.h | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h
index 452cbb5793..b844ef6bc0 100644
--- a/include/hw/arm/armsse.h
+++ b/include/hw/arm/armsse.h
@@ -108,10 +108,8 @@
 #include "qom/object.h"
 
 #define TYPE_ARM_SSE "arm-sse"
-typedef struct ARMSSE ARMSSE;
-typedef struct ARMSSEClass ARMSSEClass;
-DECLARE_OBJ_CHECKERS(ARMSSE, ARMSSEClass,
- ARM_SSE, TYPE_ARM_SSE)
+OBJECT_DECLARE_TYPE(ARMSSE, ARMSSEClass,
+arm_sse, ARM_SSE)
 
 /*
  * These type names are for specific IoTKit subsystems; other than
-- 
2.26.2

Re: [PATCH 2/4] hda-audio: Set instance_size at base class

[Philippe Mathieu-Daudé]

Le mer. 26 août 2020 19:12, Eduardo Habkost  a écrit :

> Setting instance_size correctly at the base class will help us
> avoid mistakes when declaring new subclasses.
>
> Signed-off-by: Eduardo Habkost 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
> Cc: Gerd Hoffmann 
> Cc: qemu-devel@nongnu.org
> ---
>  hw/audio/hda-codec.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/hw/audio/hda-codec.c b/hw/audio/hda-codec.c
> index cbd92b72f2..2d16448181 100644
> --- a/hw/audio/hda-codec.c
> +++ b/hw/audio/hda-codec.c
> @@ -898,6 +898,7 @@ static void hda_audio_base_class_init(ObjectClass
> *klass, void *data)
>  static const TypeInfo hda_audio_info = {
>  .name  = TYPE_HDA_AUDIO,
>  .parent= TYPE_HDA_CODEC_DEVICE,
> +.instance_size = sizeof(HDAAudioState),
>  .class_init= hda_audio_base_class_init,
>  .abstract  = true,
>  };
> @@ -914,7 +915,6 @@ static void hda_audio_output_class_init(ObjectClass
> *klass, void *data)
>  static const TypeInfo hda_audio_output_info = {
>  .name  = "hda-output",
>  .parent= TYPE_HDA_AUDIO,
> -.instance_size = sizeof(HDAAudioState),
>  .class_init= hda_audio_output_class_init,
>  };
>
> @@ -930,7 +930,6 @@ static void hda_audio_duplex_class_init(ObjectClass
> *klass, void *data)
>  static const TypeInfo hda_audio_duplex_info = {
>  .name  = "hda-duplex",
>  .parent= TYPE_HDA_AUDIO,
> -.instance_size = sizeof(HDAAudioState),
>  .class_init= hda_audio_duplex_class_init,
>  };
>
> @@ -946,7 +945,6 @@ static void hda_audio_micro_class_init(ObjectClass
> *klass, void *data)
>  static const TypeInfo hda_audio_micro_info = {
>  .name  = "hda-micro",
>  .parent= TYPE_HDA_AUDIO,
> -.instance_size = sizeof(HDAAudioState),
>  .class_init= hda_audio_micro_class_init,
>  };
>
> --
> 2.26.2
>
>
>

[PATCH v4 16/18] [automated] Use OBJECT_DECLARE_TYPE where possible (pass 2)

[Eduardo Habkost]

Replace DECLARE_OBJ_CHECKERS with OBJECT_DECLARE_TYPE where the
typedefs can be safely removed.

Generated running:

$ ./scripts/codeconverter/converter.py -i \
  --pattern=DeclareObjCheckers $(git grep -l '' -- '*.[ch]')

Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes series v2 -> v3: this is a new patch added in series v3

The script was re-run after rebase and after additional patches
were added to this series.

This is being submitted as a separate patch to make review
easier, but it can be squashed into the previous patch once it
gets reviewed.

---
Cc: David Gibson 
Cc: "Cédric Le Goater" 
Cc: Yoshinori Sato 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
---
 include/hw/ppc/xive.h | 6 ++
 target/rx/cpu-qom.h   | 6 ++
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
index 48595ab641..482fafccfd 100644
--- a/include/hw/ppc/xive.h
+++ b/include/hw/ppc/xive.h
@@ -345,12 +345,10 @@ struct XiveRouter {
 
 XiveFabric *xfb;
 };
-typedef struct XiveRouter XiveRouter;
 
 #define TYPE_XIVE_ROUTER "xive-router"
-typedef struct XiveRouterClass XiveRouterClass;
-DECLARE_OBJ_CHECKERS(XiveRouter, XiveRouterClass,
- XIVE_ROUTER, TYPE_XIVE_ROUTER)
+OBJECT_DECLARE_TYPE(XiveRouter, XiveRouterClass,
+xive_router, XIVE_ROUTER)
 
 struct XiveRouterClass {
 SysBusDeviceClass parent;
diff --git a/target/rx/cpu-qom.h b/target/rx/cpu-qom.h
index 05f5773ab1..6c5321078d 100644
--- a/target/rx/cpu-qom.h
+++ b/target/rx/cpu-qom.h
@@ -26,10 +26,8 @@
 
 #define TYPE_RX62N_CPU RX_CPU_TYPE_NAME("rx62n")
 
-typedef struct RXCPU RXCPU;
-typedef struct RXCPUClass RXCPUClass;
-DECLARE_OBJ_CHECKERS(RXCPU, RXCPUClass,
- RX_CPU, TYPE_RX_CPU)
+OBJECT_DECLARE_TYPE(RXCPU, RXCPUClass,
+rx_cpu, RX_CPU)
 
 /*
  * RXCPUClass:
-- 
2.26.2

Re: [PULL 00/18] Usb 20200831 patches

[Peter Maydell]

On Mon, 31 Aug 2020 at 09:41, Gerd Hoffmann  wrote:
>
> The following changes since commit 39335fab59e11cfda9b7cf63929825db2dd3a3e0:
>
>   Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.2-pull-=
> request' into staging (2020-08-28 22:30:11 +0100)
>
> are available in the Git repository at:
>
>   git://git.kraxel.org/qemu tags/usb-20200831-pull-request
>
> for you to fetch changes up to b946434f2659a182afc17e155be6791ebfb302eb:
>
>   usb: fix setup_len init (CVE-2020-14364) (2020-08-31 08:23:39 +0200)
>
> 
> usb: usb_packet_map fixes for ehci and xhci.
> usb: setup_len fix (CVE-2020-14364).
> usb: u2f key support (GSoC).
>  * v2: 32bit build fixed.
>  * v3: libu2f-emu dependency fixed.


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.

-- PMM

Re: [PATCH v2 03/76] tests/tcg: Do not require FE_* exception bits

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:22, Richard Henderson 
a écrit :

> Define anything that is missing as 0, so that flags & FE_FOO
> is false for any missing FOO.
>
> Reviewed-by: Edgar E. Iglesias 
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  tests/tcg/multiarch/float_helpers.h | 17 +
>  1 file changed, 17 insertions(+)
>
> diff --git a/tests/tcg/multiarch/float_helpers.h
> b/tests/tcg/multiarch/float_helpers.h
> index 6337bc66c1..309f3f4bf1 100644
> --- a/tests/tcg/multiarch/float_helpers.h
> +++ b/tests/tcg/multiarch/float_helpers.h
> @@ -8,6 +8,23 @@
>
>  #include 
>
> +/* Some hosts do not have support for all of these; not required by ISO
> C. */
> +#ifndef FE_OVERFLOW
> +#define FE_OVERFLOW 0
> +#endif
> +#ifndef FE_UNDERFLOW
> +#define FE_UNDERFLOW 0
> +#endif
> +#ifndef FE_DIVBYZERO
> +#define FE_DIVBYZERO 0
> +#endif
> +#ifndef FE_INEXACT
> +#define FE_INEXACT 0
> +#endif
> +#ifndef FE_INVALID
> +#define FE_INVALID 0
> +#endif
> +
>  /* Number of constants in each table */
>  int get_num_f16(void);
>  int get_num_f32(void);
> --
> 2.25.1
>
>
>

[PATCH v4 14/18] [semi-automated] Use DECLARE_*CHECKER* when possible (--force mode)

[Eduardo Habkost]

Separate run of the TypeCheckMacro converter using the --force
flag, for the cases where typedefs weren't found in the same
header nor in typedefs.h.

Generated initially using:

 $ ./scripts/codeconverter/converter.py --force -i \
   --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]')

Then each case was manually reviewed, and a comment was added
indicating what's unusual about those type checking
macros/functions.  Despite not following the usual pattern, the
changes in this patch were found to be safe.

Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes v2 -> v3: none

Changes v1 -> v2:
* Most of the old changes in this patch are now being handled by
  the regular TypeCheckMacro patch (without --force mode)
* Added comments added explaining why these unusual changes
  remain

---
Cc: "Michael S. Tsirkin" 
Cc: Paolo Bonzini 
Cc: Peter Maydell 
Cc: Beniamino Galvani 
Cc: Andrew Baumann 
Cc: "Philippe Mathieu-Daudé" 
Cc: Andrzej Zaborowski 
Cc: David Gibson 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: qemu-bl...@nongnu.org
Cc: qemu-...@nongnu.org
---
 include/hw/intc/arm_gic.h   | 9 +++--
 include/hw/intc/arm_gicv3.h | 8 +++-
 include/hw/ppc/xics_spapr.h | 4 +++-
 include/hw/virtio/virtio-mmio.h | 9 +++--
 hw/intc/apic.c  | 5 +++--
 hw/intc/arm_gic_kvm.c   | 9 +++--
 hw/intc/arm_gicv3_its_kvm.c | 8 +++-
 hw/intc/arm_gicv3_kvm.c | 9 +++--
 hw/sd/allwinner-sdhost.c| 5 +++--
 hw/sd/bcm2835_sdhost.c  | 5 +++--
 hw/sd/pxa2xx_mmci.c | 4 +++-
 hw/sd/sdhci.c   | 4 +++-
 12 files changed, 36 insertions(+), 43 deletions(-)

diff --git a/include/hw/intc/arm_gic.h b/include/hw/intc/arm_gic.h
index 704ef2b751..116ccbb5a9 100644
--- a/include/hw/intc/arm_gic.h
+++ b/include/hw/intc/arm_gic.h
@@ -74,12 +74,9 @@
 
 #define TYPE_ARM_GIC "arm_gic"
 typedef struct ARMGICClass ARMGICClass;
-#define ARM_GIC(obj) \
- OBJECT_CHECK(GICState, (obj), TYPE_ARM_GIC)
-#define ARM_GIC_CLASS(klass) \
- OBJECT_CLASS_CHECK(ARMGICClass, (klass), TYPE_ARM_GIC)
-#define ARM_GIC_GET_CLASS(obj) \
- OBJECT_GET_CLASS(ARMGICClass, (obj), TYPE_ARM_GIC)
+/* This is reusing the GICState typedef from TYPE_ARM_GIC_COMMON */
+DECLARE_OBJ_CHECKERS(GICState, ARMGICClass,
+ ARM_GIC, TYPE_ARM_GIC)
 
 struct ARMGICClass {
 /*< private >*/
diff --git a/include/hw/intc/arm_gicv3.h b/include/hw/intc/arm_gicv3.h
index 58e9131a33..a81a6ae7ec 100644
--- a/include/hw/intc/arm_gicv3.h
+++ b/include/hw/intc/arm_gicv3.h
@@ -17,11 +17,9 @@
 
 #define TYPE_ARM_GICV3 "arm-gicv3"
 typedef struct ARMGICv3Class ARMGICv3Class;
-#define ARM_GICV3(obj) OBJECT_CHECK(GICv3State, (obj), TYPE_ARM_GICV3)
-#define ARM_GICV3_CLASS(klass) \
- OBJECT_CLASS_CHECK(ARMGICv3Class, (klass), TYPE_ARM_GICV3)
-#define ARM_GICV3_GET_CLASS(obj) \
- OBJECT_GET_CLASS(ARMGICv3Class, (obj), TYPE_ARM_GICV3)
+/* This is reusing the GICState typedef from TYPE_ARM_GICV3_COMMON */
+DECLARE_OBJ_CHECKERS(GICv3State, ARMGICv3Class,
+ ARM_GICV3, TYPE_ARM_GICV3)
 
 struct ARMGICv3Class {
 /*< private >*/
diff --git a/include/hw/ppc/xics_spapr.h b/include/hw/ppc/xics_spapr.h
index 09e428de4e..0b8182e40b 100644
--- a/include/hw/ppc/xics_spapr.h
+++ b/include/hw/ppc/xics_spapr.h
@@ -31,7 +31,9 @@
 #include "qom/object.h"
 
 #define TYPE_ICS_SPAPR "ics-spapr"
-#define ICS_SPAPR(obj) OBJECT_CHECK(ICSState, (obj), TYPE_ICS_SPAPR)
+/* This is reusing the ICSState typedef from TYPE_ICS */
+DECLARE_INSTANCE_CHECKER(ICSState, ICS_SPAPR,
+ TYPE_ICS_SPAPR)
 
 int xics_kvm_connect(SpaprInterruptController *intc, uint32_t nr_servers,
  Error **errp);
diff --git a/include/hw/virtio/virtio-mmio.h b/include/hw/virtio/virtio-mmio.h
index dca651fd14..6a1c2c20d4 100644
--- a/include/hw/virtio/virtio-mmio.h
+++ b/include/hw/virtio/virtio-mmio.h
@@ -28,12 +28,9 @@
 /* QOM macros */
 /* virtio-mmio-bus */
 #define TYPE_VIRTIO_MMIO_BUS "virtio-mmio-bus"
-#define VIRTIO_MMIO_BUS(obj) \
-OBJECT_CHECK(VirtioBusState, (obj), TYPE_VIRTIO_MMIO_BUS)
-#define VIRTIO_MMIO_BUS_GET_CLASS(obj) \
-OBJECT_GET_CLASS(VirtioBusClass, (obj), TYPE_VIRTIO_MMIO_BUS)
-#define VIRTIO_MMIO_BUS_CLASS(klass) \
-OBJECT_CLASS_CHECK(VirtioBusClass, (klass), TYPE_VIRTIO_MMIO_BUS)
+/* This is reusing the VirtioBusState typedef from TYPE_VIRTIO_BUS */
+DECLARE_OBJ_CHECKERS(VirtioBusState, VirtioBusClass,
+ VIRTIO_MMIO_BUS, TYPE_VIRTIO_MMIO_BUS)
 
 /* virtio-mmio */
 #define TYPE_VIRTIO_MMIO "virtio-mmio"
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index e055bb3af2..b6a05e5439 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -40,8 +40,9 @@
 static APICCommonState *local_apics[MAX_APICS + 1];
 
 #define TYPE_APIC "apic"
-#define APIC(obj) \
-OBJECT_CHECK(APICCommonState, (obj), TYPE_APIC)
+/*This is reusing the APICCommonState 

Re: [PATCH v2 01/76] tests/tcg: Add microblaze to arches filter

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 16:20, Richard Henderson 
a écrit :

> Not attempting to use a single cross-compiler for both
> big-endian and little-endian at this time.
>
> Reviewed-by: Edgar E. Iglesias 
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  tests/tcg/configure.sh | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
> index 7d714f902a..598a50cd4f 100755
> --- a/tests/tcg/configure.sh
> +++ b/tests/tcg/configure.sh
> @@ -94,7 +94,7 @@ for target in $target_list; do
>  xtensa|xtensaeb)
>arches=xtensa
>;;
> -alpha|cris|hppa|i386|lm32|m68k|openrisc|riscv64|s390x|sh4|sparc64)
> +
> alpha|cris|hppa|i386|lm32|microblaze|microblazeel|m68k|openrisc|riscv64|s390x|sh4|sparc64)
>arches=$target
>;;
>  *)
> --
> 2.25.1
>
>
>

Re: [PATCH 1/3] softmmu/cpus: Only set parallel_cpus for SMP

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 20:04, Richard Henderson 
a écrit :

> Do not set parallel_cpus if there is only one cpu instantiated.
> This will allow tcg to use serial code to implement atomics.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  softmmu/cpus.c | 11 ++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/softmmu/cpus.c b/softmmu/cpus.c
> index a802e899ab..e3b98065c9 100644
> --- a/softmmu/cpus.c
> +++ b/softmmu/cpus.c
> @@ -1895,6 +1895,16 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
>  if (!tcg_region_inited) {
>  tcg_region_inited = 1;
>  tcg_region_init();
> +/*
> + * If MTTCG, and we will create multiple cpus,
> + * then we will have cpus running in parallel.
> + */
> +if (qemu_tcg_mttcg_enabled()) {
> +MachineState *ms = MACHINE(qdev_get_machine());
> +if (ms->smp.max_cpus > 1) {
> +parallel_cpus = true;
> +}
> +}
>  }
>
>  if (qemu_tcg_mttcg_enabled() || !single_tcg_cpu_thread) {
> @@ -1904,7 +1914,6 @@ static void qemu_tcg_init_vcpu(CPUState *cpu)
>
>  if (qemu_tcg_mttcg_enabled()) {
>  /* create a thread per vCPU with TCG (MTTCG) */
> -parallel_cpus = true;
>  snprintf(thread_name, VCPU_THREAD_NAME_SIZE, "CPU %d/TCG",
>   cpu->cpu_index);
>
> --
> 2.25.1
>
>
>

[PATCH v4 18/18] [automated] Use OBJECT_DECLARE_SIMPLE_TYPE when possible

[Eduardo Habkost]

Generated using:

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=ObjectDeclareType $(git grep -l '' -- '*.[ch]')

Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes v2 -> v3: none

Changes v1 -> v2: none

---
Cc: "Marc-André Lureau" 
Cc: "Daniel P. Berrangé" 
Cc: "Michael S. Tsirkin" 
Cc: Gerd Hoffmann 
Cc: qemu-devel@nongnu.org
---
 include/authz/list.h| 7 ++-
 include/authz/listfile.h| 7 ++-
 include/authz/pamacct.h | 7 ++-
 include/authz/simple.h  | 7 ++-
 include/crypto/secret_keyring.h | 7 ++-
 include/io/dns-resolver.h   | 7 ++-
 include/io/net-listener.h   | 7 ++-
 include/sysemu/vhost-user-backend.h | 7 ++-
 backends/dbus-vmstate.c | 7 ++-
 ui/input-barrier.c  | 7 ++-
 ui/input-linux.c| 7 ++-
 11 files changed, 22 insertions(+), 55 deletions(-)

diff --git a/include/authz/list.h b/include/authz/list.h
index e4e1040472..5676bb375c 100644
--- a/include/authz/list.h
+++ b/include/authz/list.h
@@ -27,8 +27,8 @@
 
 #define TYPE_QAUTHZ_LIST "authz-list"
 
-OBJECT_DECLARE_TYPE(QAuthZList, QAuthZListClass,
-qauthz_list, QAUTHZ_LIST)
+OBJECT_DECLARE_SIMPLE_TYPE(QAuthZList, qauthz_list,
+   QAUTHZ_LIST, QAuthZClass)
 
 
 
@@ -68,9 +68,6 @@ struct QAuthZList {
 };
 
 
-struct QAuthZListClass {
-QAuthZClass parent_class;
-};
 
 
 QAuthZList *qauthz_list_new(const char *id,
diff --git a/include/authz/listfile.h b/include/authz/listfile.h
index 89c5eafbfa..b491227bbe 100644
--- a/include/authz/listfile.h
+++ b/include/authz/listfile.h
@@ -27,8 +27,8 @@
 
 #define TYPE_QAUTHZ_LIST_FILE "authz-list-file"
 
-OBJECT_DECLARE_TYPE(QAuthZListFile, QAuthZListFileClass,
-qauthz_list_file, QAUTHZ_LIST_FILE)
+OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile, qauthz_list_file,
+   QAUTHZ_LIST_FILE, QAuthZClass)
 
 
 
@@ -87,9 +87,6 @@ struct QAuthZListFile {
 };
 
 
-struct QAuthZListFileClass {
-QAuthZClass parent_class;
-};
 
 
 QAuthZListFile *qauthz_list_file_new(const char *id,
diff --git a/include/authz/pamacct.h b/include/authz/pamacct.h
index 44bb5ff28d..7804853ddf 100644
--- a/include/authz/pamacct.h
+++ b/include/authz/pamacct.h
@@ -27,8 +27,8 @@
 
 #define TYPE_QAUTHZ_PAM "authz-pam"
 
-OBJECT_DECLARE_TYPE(QAuthZPAM, QAuthZPAMClass,
-qauthz_pam, QAUTHZ_PAM)
+OBJECT_DECLARE_SIMPLE_TYPE(QAuthZPAM, qauthz_pam,
+   QAUTHZ_PAM, QAuthZClass)
 
 
 
@@ -79,9 +79,6 @@ struct QAuthZPAM {
 };
 
 
-struct QAuthZPAMClass {
-QAuthZClass parent_class;
-};
 
 
 QAuthZPAM *qauthz_pam_new(const char *id,
diff --git a/include/authz/simple.h b/include/authz/simple.h
index ba4a5ec5ea..346fcb0c6c 100644
--- a/include/authz/simple.h
+++ b/include/authz/simple.h
@@ -26,8 +26,8 @@
 
 #define TYPE_QAUTHZ_SIMPLE "authz-simple"
 
-OBJECT_DECLARE_TYPE(QAuthZSimple, QAuthZSimpleClass,
-qauthz_simple, QAUTHZ_SIMPLE)
+OBJECT_DECLARE_SIMPLE_TYPE(QAuthZSimple, qauthz_simple,
+   QAUTHZ_SIMPLE, QAuthZClass)
 
 
 
@@ -62,9 +62,6 @@ struct QAuthZSimple {
 };
 
 
-struct QAuthZSimpleClass {
-QAuthZClass parent_class;
-};
 
 
 QAuthZSimple *qauthz_simple_new(const char *id,
diff --git a/include/crypto/secret_keyring.h b/include/crypto/secret_keyring.h
index cc2c7397db..73d2a8f501 100644
--- a/include/crypto/secret_keyring.h
+++ b/include/crypto/secret_keyring.h
@@ -26,8 +26,8 @@
 #include "crypto/secret_common.h"
 
 #define TYPE_QCRYPTO_SECRET_KEYRING "secret_keyring"
-OBJECT_DECLARE_TYPE(QCryptoSecretKeyring, QCryptoSecretKeyringClass,
-qcrypto_secret_keyring, QCRYPTO_SECRET_KEYRING)
+OBJECT_DECLARE_SIMPLE_TYPE(QCryptoSecretKeyring, qcrypto_secret_keyring,
+   QCRYPTO_SECRET_KEYRING, QCryptoSecretCommonClass)
 
 
 struct QCryptoSecretKeyring {
@@ -36,8 +36,5 @@ struct QCryptoSecretKeyring {
 };
 
 
-struct QCryptoSecretKeyringClass {
-QCryptoSecretCommonClass parent;
-};
 
 #endif /* QCRYPTO_SECRET_KEYRING_H */
diff --git a/include/io/dns-resolver.h b/include/io/dns-resolver.h
index 8ae4857e05..e248fba5bd 100644
--- a/include/io/dns-resolver.h
+++ b/include/io/dns-resolver.h
@@ -26,8 +26,8 @@
 #include "io/task.h"
 
 #define TYPE_QIO_DNS_RESOLVER "qio-dns-resolver"
-OBJECT_DECLARE_TYPE(QIODNSResolver, QIODNSResolverClass,
-qio_dns_resolver, QIO_DNS_RESOLVER)
+OBJECT_DECLARE_SIMPLE_TYPE(QIODNSResolver, qio_dns_resolver,
+   QIO_DNS_RESOLVER, ObjectClass)
 
 
 /**
@@ -133,9 +133,6 @@ struct QIODNSResolver {
 Object parent;
 };
 
-struct QIODNSResolverClass {
-ObjectClass parent;
-};
 
 
 /**
diff --git a/include/io/net-listener.h b/include/io/net-listener.h
index 4f0847ff19..60fad29ff4 100644
--- a/include/io/net-listener.h
+++ 

Re: [PATCH 2/3] tcg: Eliminate one store for in-place 128-bit dup_mem

[Philippe Mathieu-Daudé]

Le ven. 28 août 2020 20:04, Richard Henderson 
a écrit :

> Do not store back to the exact memory from which we just loaded.
>
> Signed-off-by: Richard Henderson 
>

Reviewed-by: Philippe Mathieu-Daudé 

---
>  tcg/tcg-op-gvec.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c
> index 793d4ba64c..fcc25b04e6 100644
> --- a/tcg/tcg-op-gvec.c
> +++ b/tcg/tcg-op-gvec.c
> @@ -1581,7 +1581,7 @@ void tcg_gen_gvec_dup_mem(unsigned vece, uint32_t
> dofs, uint32_t aofs,
>  TCGv_vec in = tcg_temp_new_vec(TCG_TYPE_V128);
>
>  tcg_gen_ld_vec(in, cpu_env, aofs);
> -for (i = 0; i < oprsz; i += 16) {
> +for (i = (aofs == dofs) * 16; i < oprsz; i += 16) {
>  tcg_gen_st_vec(in, cpu_env, dofs + i);
>  }
>  tcg_temp_free_vec(in);
> @@ -1591,7 +1591,7 @@ void tcg_gen_gvec_dup_mem(unsigned vece, uint32_t
> dofs, uint32_t aofs,
>
>  tcg_gen_ld_i64(in0, cpu_env, aofs);
>  tcg_gen_ld_i64(in1, cpu_env, aofs + 8);
> -for (i = 0; i < oprsz; i += 16) {
> +for (i = (aofs == dofs) * 16; i < oprsz; i += 16) {
>  tcg_gen_st_i64(in0, cpu_env, dofs + i);
>  tcg_gen_st_i64(in1, cpu_env, dofs + i + 8);
>  }
> --
> 2.25.1
>
>
>

[PATCH v4 10/18] [automated] Move QOM typedefs and add missing includes (pass 3)

[Eduardo Habkost]

Some typedefs and macros are defined after the type check macros.
This makes it difficult to automatically replace their
definitions with OBJECT_DECLARE_TYPE.

Patch generated using:

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]')

which will split "typdef struct { ... } TypedefName"
declarations.

Followed by:

 $ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \
$(git grep -l '' -- '*.[ch]')

which will:
- move the typedefs and #defines above the type check macros
- add missing #include "qom/object.h" lines if necessary

Signed-off-by: Eduardo Habkost 
---
Changes series v3 -> v4: this is a new patch added in series v4

The script was re-run after series rebase.

This is being submitted as a separate patch to make review
easier, but it can be squashed into the previous patch once it
gets reviewed.
---
Cc: Richard Henderson 
Cc: Helge Deller 
Cc: Peter Maydell 
Cc: Palmer Dabbelt 
Cc: Alistair Francis 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Cc: Raphael Norwitz 
Cc: "Michael S. Tsirkin" 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: qemu-ri...@nongnu.org
---
 include/hw/arm/armsse.h| 11 +++
 include/hw/riscv/spike.h   |  6 --
 include/hw/virtio/vhost-user-blk.h |  6 --
 hw/hppa/lasi.c |  6 --
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h
index 347b977ae5..e5788e9d3c 100644
--- a/include/hw/arm/armsse.h
+++ b/include/hw/arm/armsse.h
@@ -105,8 +105,11 @@
 #include "hw/or-irq.h"
 #include "hw/core/split-irq.h"
 #include "hw/cpu/cluster.h"
+#include "qom/object.h"
 
 #define TYPE_ARM_SSE "arm-sse"
+typedef struct ARMSSE ARMSSE;
+typedef struct ARMSSEClass ARMSSEClass;
 #define ARM_SSE(obj) OBJECT_CHECK(ARMSSE, (obj), TYPE_ARM_SSE)
 
 /*
@@ -140,7 +143,7 @@
 #define RAM3_PPU 6
 #define NUM_PPUS 7
 
-typedef struct ARMSSE {
+struct ARMSSE {
 /*< private >*/
 SysBusDevice parent_obj;
 
@@ -215,14 +218,14 @@ typedef struct ARMSSE {
 uint32_t init_svtor;
 bool cpu_fpu[SSE_MAX_CPUS];
 bool cpu_dsp[SSE_MAX_CPUS];
-} ARMSSE;
+};
 
 typedef struct ARMSSEInfo ARMSSEInfo;
 
-typedef struct ARMSSEClass {
+struct ARMSSEClass {
 SysBusDeviceClass parent_class;
 const ARMSSEInfo *info;
-} ARMSSEClass;
+};
 
 #define ARM_SSE_CLASS(klass) \
 OBJECT_CLASS_CHECK(ARMSSEClass, (klass), TYPE_ARM_SSE)
diff --git a/include/hw/riscv/spike.h b/include/hw/riscv/spike.h
index b0a18a9c94..121396d07a 100644
--- a/include/hw/riscv/spike.h
+++ b/include/hw/riscv/spike.h
@@ -21,15 +21,17 @@
 
 #include "hw/riscv/riscv_hart.h"
 #include "hw/sysbus.h"
+#include "qom/object.h"
 
 #define SPIKE_CPUS_MAX 8
 #define SPIKE_SOCKETS_MAX 8
 
 #define TYPE_SPIKE_MACHINE MACHINE_TYPE_NAME("spike")
+typedef struct SpikeState SpikeState;
 #define SPIKE_MACHINE(obj) \
 OBJECT_CHECK(SpikeState, (obj), TYPE_SPIKE_MACHINE)
 
-typedef struct {
+struct SpikeState {
 /*< private >*/
 MachineState parent;
 
@@ -37,7 +39,7 @@ typedef struct {
 RISCVHartArrayState soc[SPIKE_SOCKETS_MAX];
 void *fdt;
 int fdt_size;
-} SpikeState;
+};
 
 enum {
 SPIKE_MROM,
diff --git a/include/hw/virtio/vhost-user-blk.h 
b/include/hw/virtio/vhost-user-blk.h
index 292d17147c..9d38877907 100644
--- a/include/hw/virtio/vhost-user-blk.h
+++ b/include/hw/virtio/vhost-user-blk.h
@@ -20,14 +20,16 @@
 #include "chardev/char-fe.h"
 #include "hw/virtio/vhost.h"
 #include "hw/virtio/vhost-user.h"
+#include "qom/object.h"
 
 #define TYPE_VHOST_USER_BLK "vhost-user-blk"
+typedef struct VHostUserBlk VHostUserBlk;
 #define VHOST_USER_BLK(obj) \
 OBJECT_CHECK(VHostUserBlk, (obj), TYPE_VHOST_USER_BLK)
 
 #define VHOST_USER_BLK_AUTO_NUM_QUEUES UINT16_MAX
 
-typedef struct VHostUserBlk {
+struct VHostUserBlk {
 VirtIODevice parent_obj;
 CharBackend chardev;
 int32_t bootindex;
@@ -41,6 +43,6 @@ typedef struct VHostUserBlk {
 struct vhost_virtqueue *vhost_vqs;
 VirtQueue **virtqs;
 bool connected;
-} VHostUserBlk;
+};
 
 #endif
diff --git a/hw/hppa/lasi.c b/hw/hppa/lasi.c
index 194aa3e619..1acb9ce631 100644
--- a/hw/hppa/lasi.c
+++ b/hw/hppa/lasi.c
@@ -26,6 +26,7 @@
 #include "hw/input/lasips2.h"
 #include "exec/address-spaces.h"
 #include "migration/vmstate.h"
+#include "qom/object.h"
 
 #define TYPE_LASI_CHIP "lasi-chip"
 
@@ -52,10 +53,11 @@
 #define ICR_BUS_ERROR_BIT  LASI_BIT(8)  /* bit 8 in ICR */
 #define ICR_TOC_BITLASI_BIT(1)  /* bit 1 in ICR */
 
+typedef struct LasiState LasiState;
 #define LASI_CHIP(obj) \
 OBJECT_CHECK(LasiState, (obj), TYPE_LASI_CHIP)
 
-typedef struct LasiState {
+struct LasiState {
 PCIHostState parent_obj;
 
 uint32_t irr;
@@ -70,7 +72,7 @@ typedef struct LasiState {
 time_t rtc_ref;
 
 MemoryRegion this_mem;
-} LasiState;
+};
 
 static bool lasi_chip_mem_valid(void *opaque, hwaddr addr,
 unsigned 

Re: [PATCH v2 1/7] target: rename all *_do_interupt functions to _do_interrupt_locked

[Richard Henderson]

On 8/19/20 11:28 AM, Robert Foley wrote:
> The rename of all *_do_interrupt functions to *_do_interrupt_locked
> is preparation for pushing the BQL lock around these functions
> down into the per-arch implementation of *_do_interrupt.
> In a later patch which pushes down the lock, we will add
> a new *_do_interrupt function which grabs the BQL and calls to
> *_do_interrupt_locked.
> 
> This is the first patch in a series of transitions to move the
> BQL down into the do_interrupt per arch function.  This set of
> transitions is needed to maintain bisectability.
> 
> The purpose of this set of changes is to set the groundwork
> so that an arch could move towards removing
> the BQL from the cpu_handle_interrupt/exception paths.
> 
> This approach was suggested by Paolo Bonzini.
> For reference, here are key posts in the discussion, explaining
> the reasoning/benefits of this approach.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00784.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg01517.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg08731.html
> https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg00044.html
> 
> Signed-off-by: Robert Foley 
> ---

Reviewed-by: Richard Henderson 


r~

[PATCH v4 13/18] [automated] Use DECLARE_*CHECKER* macros (pass 3)

[Eduardo Habkost]

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]')

Signed-off-by: Eduardo Habkost 
---
Changes series v3 -> v4: this is a new patch added in series v4

The script was re-run after series rebase.

This is being submitted as a separate patch to make review
easier, but it can be squashed into the previous patch once it
gets reviewed.
---
Cc: Richard Henderson 
Cc: Helge Deller 
Cc: Peter Maydell 
Cc: Palmer Dabbelt 
Cc: Alistair Francis 
Cc: Sagar Karandikar 
Cc: Bastian Koppelmann 
Cc: Raphael Norwitz 
Cc: "Michael S. Tsirkin" 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: qemu-ri...@nongnu.org
---
 include/hw/arm/armsse.h| 7 ++-
 include/hw/riscv/spike.h   | 4 ++--
 include/hw/virtio/vhost-user-blk.h | 4 ++--
 hw/hppa/lasi.c | 4 ++--
 4 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/include/hw/arm/armsse.h b/include/hw/arm/armsse.h
index e5788e9d3c..452cbb5793 100644
--- a/include/hw/arm/armsse.h
+++ b/include/hw/arm/armsse.h
@@ -110,7 +110,8 @@
 #define TYPE_ARM_SSE "arm-sse"
 typedef struct ARMSSE ARMSSE;
 typedef struct ARMSSEClass ARMSSEClass;
-#define ARM_SSE(obj) OBJECT_CHECK(ARMSSE, (obj), TYPE_ARM_SSE)
+DECLARE_OBJ_CHECKERS(ARMSSE, ARMSSEClass,
+ ARM_SSE, TYPE_ARM_SSE)
 
 /*
  * These type names are for specific IoTKit subsystems; other than
@@ -227,9 +228,5 @@ struct ARMSSEClass {
 const ARMSSEInfo *info;
 };
 
-#define ARM_SSE_CLASS(klass) \
-OBJECT_CLASS_CHECK(ARMSSEClass, (klass), TYPE_ARM_SSE)
-#define ARM_SSE_GET_CLASS(obj) \
-OBJECT_GET_CLASS(ARMSSEClass, (obj), TYPE_ARM_SSE)
 
 #endif
diff --git a/include/hw/riscv/spike.h b/include/hw/riscv/spike.h
index 121396d07a..cddeca2e77 100644
--- a/include/hw/riscv/spike.h
+++ b/include/hw/riscv/spike.h
@@ -28,8 +28,8 @@
 
 #define TYPE_SPIKE_MACHINE MACHINE_TYPE_NAME("spike")
 typedef struct SpikeState SpikeState;
-#define SPIKE_MACHINE(obj) \
-OBJECT_CHECK(SpikeState, (obj), TYPE_SPIKE_MACHINE)
+DECLARE_INSTANCE_CHECKER(SpikeState, SPIKE_MACHINE,
+ TYPE_SPIKE_MACHINE)
 
 struct SpikeState {
 /*< private >*/
diff --git a/include/hw/virtio/vhost-user-blk.h 
b/include/hw/virtio/vhost-user-blk.h
index 9d38877907..dc40ab6f11 100644
--- a/include/hw/virtio/vhost-user-blk.h
+++ b/include/hw/virtio/vhost-user-blk.h
@@ -24,8 +24,8 @@
 
 #define TYPE_VHOST_USER_BLK "vhost-user-blk"
 typedef struct VHostUserBlk VHostUserBlk;
-#define VHOST_USER_BLK(obj) \
-OBJECT_CHECK(VHostUserBlk, (obj), TYPE_VHOST_USER_BLK)
+DECLARE_INSTANCE_CHECKER(VHostUserBlk, VHOST_USER_BLK,
+ TYPE_VHOST_USER_BLK)
 
 #define VHOST_USER_BLK_AUTO_NUM_QUEUES UINT16_MAX
 
diff --git a/hw/hppa/lasi.c b/hw/hppa/lasi.c
index 1acb9ce631..c0b970f55c 100644
--- a/hw/hppa/lasi.c
+++ b/hw/hppa/lasi.c
@@ -54,8 +54,8 @@
 #define ICR_TOC_BITLASI_BIT(1)  /* bit 1 in ICR */
 
 typedef struct LasiState LasiState;
-#define LASI_CHIP(obj) \
-OBJECT_CHECK(LasiState, (obj), TYPE_LASI_CHIP)
+DECLARE_INSTANCE_CHECKER(LasiState, LASI_CHIP,
+ TYPE_LASI_CHIP)
 
 struct LasiState {
 PCIHostState parent_obj;
-- 
2.26.2

[PATCH v4 06/18] codeconverter: script for automating QOM code cleanups

[Eduardo Habkost]

This started as a simple script that scanned for regular
expressions, but became more and more complex when exceptions to
the rules were found.

I don't know if this should be maintained in the QEMU source tree
long term (maybe it can be reused for other code transformations
that Coccinelle can't handle).  In either case, this is included
as part of the patch series to document how exactly the automated
code transformations in the next patches were done.

Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4:
* Add copyright header to all modules
* Added entry to MAINTAINERS

Changes v2 -> v3:
* Too many, lost track of them
* Made code that replaces type_register* with TYPE_INFO more
  flexible
* New code for handling TypeInfo variables and checking
  instance/class sizes

Changes v1 -> v2:
* Don't warn/skip TypeCheckMacro conversion if typedefs
  are found in typedefs.h
* Convert type check macros that use "struct [...]"
  without --force
---
 .../codeconverter/codeconverter/__init__.py   |   0
 .../codeconverter/codeconverter/patching.py   | 397 +++
 .../codeconverter/codeconverter/qom_macros.py | 652 ++
 .../codeconverter/qom_type_info.py| 434 
 .../codeconverter/codeconverter/regexps.py| 118 
 .../codeconverter/test_patching.py| 105 +++
 .../codeconverter/test_regexps.py | 282 
 scripts/codeconverter/codeconverter/utils.py  |  72 ++
 scripts/codeconverter/converter.py| 123 
 MAINTAINERS   |   5 +
 10 files changed, 2188 insertions(+)
 create mode 100644 scripts/codeconverter/codeconverter/__init__.py
 create mode 100644 scripts/codeconverter/codeconverter/patching.py
 create mode 100644 scripts/codeconverter/codeconverter/qom_macros.py
 create mode 100644 scripts/codeconverter/codeconverter/qom_type_info.py
 create mode 100644 scripts/codeconverter/codeconverter/regexps.py
 create mode 100644 scripts/codeconverter/codeconverter/test_patching.py
 create mode 100644 scripts/codeconverter/codeconverter/test_regexps.py
 create mode 100644 scripts/codeconverter/codeconverter/utils.py
 create mode 100755 scripts/codeconverter/converter.py

diff --git a/scripts/codeconverter/codeconverter/__init__.py 
b/scripts/codeconverter/codeconverter/__init__.py
new file mode 100644
index 00..e69de29bb2
diff --git a/scripts/codeconverter/codeconverter/patching.py 
b/scripts/codeconverter/codeconverter/patching.py
new file mode 100644
index 00..627a1a1b04
--- /dev/null
+++ b/scripts/codeconverter/codeconverter/patching.py
@@ -0,0 +1,397 @@
+# Copyright (C) 2020 Red Hat Inc.
+#
+# Authors:
+#  Eduardo Habkost 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+from typing import IO, Match, NamedTuple, Optional, Literal, Iterable, Type, 
Dict, List, Any, TypeVar, NewType, Tuple
+from pathlib import Path
+from itertools import chain
+from tempfile import NamedTemporaryFile
+import os
+import re
+import subprocess
+from io import StringIO
+
+import logging
+logger = logging.getLogger(__name__)
+DBG = logger.debug
+INFO = logger.info
+WARN = logger.warning
+ERROR = logger.error
+
+from .utils import *
+
+T = TypeVar('T')
+
+class Patch(NamedTuple):
+# start inside file.original_content
+start: int
+# end position inside file.original_content
+end: int
+# replacement string for file.original_content[start:end]
+replacement: str
+
+IdentifierType = Literal['type', 'symbol', 'include', 'constant']
+class RequiredIdentifier(NamedTuple):
+type: IdentifierType
+name: str
+
+class FileMatch:
+"""Base class for regex matches
+
+Subclasses just need to set the `regexp` class attribute
+"""
+regexp: Optional[str] = None
+
+def __init__(self, f: 'FileInfo', m: Match) -> None:
+self.file: 'FileInfo' = f
+self.match: Match = m
+
+@property
+def name(self) -> str:
+if 'name' not in self.match.groupdict():
+return '[no name]'
+return self.group('name')
+
+@classmethod
+def compiled_re(klass):
+return re.compile(klass.regexp, re.MULTILINE)
+
+def start(self) -> int:
+return self.match.start()
+
+def end(self) -> int:
+return self.match.end()
+
+def line_col(self) -> LineAndColumn:
+return self.file.line_col(self.start())
+
+def group(self, *args):
+return self.match.group(*args)
+
+def log(self, level, fmt, *args) -> None:
+pos = self.line_col()
+logger.log(level, '%s:%d:%d: '+fmt, self.file.filename, pos.line, 
pos.col, *args)
+
+def debug(self, fmt, *args) -> None:
+self.log(logging.DEBUG, fmt, *args)
+
+def info(self, fmt, *args) -> None:
+self.log(logging.INFO, fmt, *args)
+
+def warn(self, fmt, *args) -> None:
+self.log(logging.WARNING, fmt, *args)
+
+def error(self, fmt, *args) -> None:
+

[PATCH v4 12/18] [automated] Use DECLARE_*CHECKER* macros (pass 2)

[Eduardo Habkost]

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]')

Reviewed-by: Juan Quintela 
Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes series v2 -> v3: this is a new patch added in series v3

The script was re-run after rebase and after additional patches
were added to this series.

This is being submitted as a separate patch to make review
easier, but it can be squashed into the previous patch once it
gets reviewed.

---
Cc: Peter Maydell 
Cc: Laurent Vivier 
Cc: "Michael S. Tsirkin" 
Cc: Marcel Apfelbaum 
Cc: Peter Chubb 
Cc: Mark Cave-Ayland 
Cc: David Gibson 
Cc: "Cédric Le Goater" 
Cc: Cornelia Huck 
Cc: Halil Pasic 
Cc: Christian Borntraeger 
Cc: Thomas Huth 
Cc: Juan Quintela 
Cc: "Dr. David Alan Gilbert" 
Cc: Yoshinori Sato 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: qemu-s3...@nongnu.org
---
 include/hw/block/swim.h|  3 ++-
 include/hw/display/macfb.h |  8 ++-
 include/hw/i386/x86-iommu.h|  8 ++-
 include/hw/misc/imx_ccm.h  |  8 ++-
 include/hw/misc/mos6522.h  |  7 ++
 include/hw/ppc/xive.h  | 36 --
 include/hw/rdma/rdma.h |  6 +
 include/hw/s390x/s390-virtio-ccw.h |  6 ++---
 migration/migration.h  |  8 ++-
 target/arm/cpu-qom.h   |  6 ++---
 target/rx/cpu-qom.h|  8 ++-
 hw/arm/integratorcp.c  | 12 +-
 hw/arm/versatilepb.c   |  4 ++--
 hw/sd/pl181.c  |  3 ++-
 14 files changed, 43 insertions(+), 80 deletions(-)

diff --git a/include/hw/block/swim.h b/include/hw/block/swim.h
index 29fccb41f1..8287da7c30 100644
--- a/include/hw/block/swim.h
+++ b/include/hw/block/swim.h
@@ -71,7 +71,8 @@ struct SWIMCtrl {
 
 #define TYPE_SWIM "swim"
 typedef struct Swim Swim;
-#define SWIM(obj) OBJECT_CHECK(Swim, (obj), TYPE_SWIM)
+DECLARE_INSTANCE_CHECKER(Swim, SWIM,
+ TYPE_SWIM)
 
 struct Swim {
 SysBusDevice parent_obj;
diff --git a/include/hw/display/macfb.h b/include/hw/display/macfb.h
index f317fe93d9..0960480b75 100644
--- a/include/hw/display/macfb.h
+++ b/include/hw/display/macfb.h
@@ -45,10 +45,8 @@ struct MacfbSysBusState {
 #define TYPE_NUBUS_MACFB "nubus-macfb"
 typedef struct MacfbNubusDeviceClass MacfbNubusDeviceClass;
 typedef struct MacfbNubusState MacfbNubusState;
-#define NUBUS_MACFB_CLASS(class) \
-OBJECT_CLASS_CHECK(MacfbNubusDeviceClass, (class), TYPE_NUBUS_MACFB)
-#define NUBUS_MACFB_GET_CLASS(obj) \
-OBJECT_GET_CLASS(MacfbNubusDeviceClass, (obj), TYPE_NUBUS_MACFB)
+DECLARE_OBJ_CHECKERS(MacfbNubusState, MacfbNubusDeviceClass,
+ NUBUS_MACFB, TYPE_NUBUS_MACFB)
 
 struct MacfbNubusDeviceClass {
 DeviceClass parent_class;
@@ -56,8 +54,6 @@ struct MacfbNubusDeviceClass {
 DeviceRealize parent_realize;
 };
 
-#define NUBUS_MACFB(obj) \
-OBJECT_CHECK(MacfbNubusState, (obj), TYPE_NUBUS_MACFB)
 
 struct MacfbNubusState {
 NubusDevice busdev;
diff --git a/include/hw/i386/x86-iommu.h b/include/hw/i386/x86-iommu.h
index dae2eab800..bbfaf44e79 100644
--- a/include/hw/i386/x86-iommu.h
+++ b/include/hw/i386/x86-iommu.h
@@ -28,12 +28,8 @@
 #define  TYPE_X86_IOMMU_DEVICE  ("x86-iommu")
 typedef struct X86IOMMUClass X86IOMMUClass;
 typedef struct X86IOMMUState X86IOMMUState;
-#define  X86_IOMMU_DEVICE(obj) \
-OBJECT_CHECK(X86IOMMUState, (obj), TYPE_X86_IOMMU_DEVICE)
-#define  X86_IOMMU_DEVICE_CLASS(klass) \
-OBJECT_CLASS_CHECK(X86IOMMUClass, (klass), TYPE_X86_IOMMU_DEVICE)
-#define  X86_IOMMU_DEVICE_GET_CLASS(obj) \
-OBJECT_GET_CLASS(X86IOMMUClass, obj, TYPE_X86_IOMMU_DEVICE)
+DECLARE_OBJ_CHECKERS(X86IOMMUState, X86IOMMUClass,
+ X86_IOMMU_DEVICE, TYPE_X86_IOMMU_DEVICE)
 
 #define X86_IOMMU_SID_INVALID (0x)
 
diff --git a/include/hw/misc/imx_ccm.h b/include/hw/misc/imx_ccm.h
index 174248e5df..e9d82a2a50 100644
--- a/include/hw/misc/imx_ccm.h
+++ b/include/hw/misc/imx_ccm.h
@@ -30,12 +30,8 @@
 #define TYPE_IMX_CCM "imx.ccm"
 typedef struct IMXCCMClass IMXCCMClass;
 typedef struct IMXCCMState IMXCCMState;
-#define IMX_CCM(obj) \
- OBJECT_CHECK(IMXCCMState, (obj), TYPE_IMX_CCM)
-#define IMX_CCM_CLASS(klass) \
- OBJECT_CLASS_CHECK(IMXCCMClass, (klass), TYPE_IMX_CCM)
-#define IMX_CCM_GET_CLASS(obj) \
- OBJECT_GET_CLASS(IMXCCMClass, (obj), TYPE_IMX_CCM)
+DECLARE_OBJ_CHECKERS(IMXCCMState, IMXCCMClass,
+ IMX_CCM, TYPE_IMX_CCM)
 
 struct IMXCCMState {
 /*  */
diff --git a/include/hw/misc/mos6522.h b/include/hw/misc/mos6522.h
index b099814879..f73271ba67 100644
--- a/include/hw/misc/mos6522.h
+++ b/include/hw/misc/mos6522.h
@@ -126,7 +126,8 @@ typedef struct MOS6522State MOS6522State;
 
 #define TYPE_MOS6522 "mos6522"
 typedef struct MOS6522DeviceClass MOS6522DeviceClass;
-#define MOS6522(obj) OBJECT_CHECK(MOS6522State, (obj), TYPE_MOS6522)

[PATCH v4 04/18] qom: DECLARE_*_CHECKERS macros

[Eduardo Habkost]

Sometimes the typedefs are buried inside another header, but
we want to benefit from the automatic definition of type cast
functions.  Introduce macros that will let type checkers be
defined when typedefs are already available.

Reviewed-by: Daniel P. Berrangé 
Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes v2 -> v3: none

Changes v1 -> v2: none
---
 include/qom/object.h | 72 +++-
 1 file changed, 58 insertions(+), 14 deletions(-)

diff --git a/include/qom/object.h b/include/qom/object.h
index 500e7dfa99..4cd84998c2 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -553,6 +553,62 @@ struct Object
 Object *parent;
 };
 
+/**
+ * DECLARE_INSTANCE_CHECKER:
+ * @InstanceType: instance struct name
+ * @OBJ_NAME: the object name in uppercase with underscore separators
+ * @TYPENAME: type name
+ *
+ * Direct usage of this macro should be avoided, and the complete
+ * OBJECT_DECLARE_TYPE macro is recommended instead.
+ *
+ * This macro will provide the three standard type cast functions for a
+ * QOM type.
+ */
+#define DECLARE_INSTANCE_CHECKER(InstanceType, OBJ_NAME, TYPENAME) \
+static inline G_GNUC_UNUSED InstanceType * \
+OBJ_NAME(void *obj) \
+{ return OBJECT_CHECK(InstanceType, obj, TYPENAME); }
+
+/**
+ * DECLARE_CLASS_CHECKERS:
+ * @ClassType: class struct name
+ * @OBJ_NAME: the object name in uppercase with underscore separators
+ * @TYPENAME: type name
+ *
+ * Direct usage of this macro should be avoided, and the complete
+ * OBJECT_DECLARE_TYPE macro is recommended instead.
+ *
+ * This macro will provide the three standard type cast functions for a
+ * QOM type.
+ */
+#define DECLARE_CLASS_CHECKERS(ClassType, OBJ_NAME, TYPENAME) \
+static inline G_GNUC_UNUSED ClassType * \
+OBJ_NAME##_GET_CLASS(void *obj) \
+{ return OBJECT_GET_CLASS(ClassType, obj, TYPENAME); } \
+\
+static inline G_GNUC_UNUSED ClassType * \
+OBJ_NAME##_CLASS(void *klass) \
+{ return OBJECT_CLASS_CHECK(ClassType, klass, TYPENAME); }
+
+/**
+ * DECLARE_OBJ_CHECKERS:
+ * @InstanceType: instance struct name
+ * @ClassType: class struct name
+ * @OBJ_NAME: the object name in uppercase with underscore separators
+ * @TYPENAME: type name
+ *
+ * Direct usage of this macro should be avoided, and the complete
+ * OBJECT_DECLARE_TYPE macro is recommended instead.
+ *
+ * This macro will provide the three standard type cast functions for a
+ * QOM type.
+ */
+#define DECLARE_OBJ_CHECKERS(InstanceType, ClassType, OBJ_NAME, TYPENAME) \
+DECLARE_INSTANCE_CHECKER(InstanceType, OBJ_NAME, TYPENAME) \
+\
+DECLARE_CLASS_CHECKERS(ClassType, OBJ_NAME, TYPENAME)
+
 /**
  * OBJECT_DECLARE_TYPE:
  * @InstanceType: instance struct name
@@ -574,20 +630,8 @@ struct Object
 \
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(InstanceType, object_unref) \
 \
-static inline G_GNUC_UNUSED ClassType * \
-MODULE_OBJ_NAME##_GET_CLASS(void *obj) \
-{ return OBJECT_GET_CLASS(ClassType, obj, \
-  TYPE_##MODULE_OBJ_NAME); } \
-\
-static inline G_GNUC_UNUSED ClassType * \
-MODULE_OBJ_NAME##_CLASS(void *klass) \
-{ return OBJECT_CLASS_CHECK(ClassType, klass, \
-TYPE_##MODULE_OBJ_NAME); } \
-\
-static inline G_GNUC_UNUSED InstanceType * \
-MODULE_OBJ_NAME(void *obj) \
-{ return OBJECT_CHECK(InstanceType, obj, \
-  TYPE_##MODULE_OBJ_NAME); }
+DECLARE_OBJ_CHECKERS(InstanceType, ClassType, \
+ MODULE_OBJ_NAME, TYPE_##MODULE_OBJ_NAME)
 
 /**
  * OBJECT_DECLARE_SIMPLE_TYPE:
-- 
2.26.2

[PATCH v4 09/18] [automated] Move QOM typedefs and add missing includes (pass 2)

[Eduardo Habkost]

Some typedefs and macros are defined after the type check macros.
This makes it difficult to automatically replace their
definitions with OBJECT_DECLARE_TYPE.

Patch generated using:

 $ ./scripts/codeconverter/converter.py -i \
   --pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]')

which will split "typdef struct { ... } TypedefName"
declarations.

Followed by:

 $ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \
$(git grep -l '' -- '*.[ch]')

which will:
- move the typedefs and #defines above the type check macros
- add missing #include "qom/object.h" lines if necessary

Reviewed-by: Juan Quintela 
Signed-off-by: Eduardo Habkost 
---
Changes v3 -> v4: none

Changes series v2 -> v3: this is a new patch added in series v3

The script was re-run after rebase and after additional patches
were added to this series.

This is being submitted as a separate patch to make review
easier, but it can be squashed into the previous patch once it
gets reviewed.

Signed-off-by: Eduardo Habkost 

---
Cc: Peter Maydell 
Cc: Laurent Vivier 
Cc: David Gibson 
Cc: "Cédric Le Goater" 
Cc: Juan Quintela 
Cc: "Dr. David Alan Gilbert" 
Cc: Yoshinori Sato 
Cc: qemu-...@nongnu.org
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
---
 include/hw/block/swim.h|  6 --
 include/hw/display/macfb.h | 18 ++---
 include/hw/ppc/xive.h  | 41 +++---
 include/hw/rdma/rdma.h |  5 +++--
 migration/migration.h  |  6 --
 target/rx/cpu-qom.h|  6 --
 hw/arm/integratorcp.c  | 16 +--
 hw/arm/versatilepb.c   |  6 --
 hw/arm/vexpress.c  | 11 ++
 hw/sd/pl181.c  |  6 --
 10 files changed, 76 insertions(+), 45 deletions(-)

diff --git a/include/hw/block/swim.h b/include/hw/block/swim.h
index 9d8b65c561..f013d634f7 100644
--- a/include/hw/block/swim.h
+++ b/include/hw/block/swim.h
@@ -13,6 +13,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
+#include "qom/object.h"
 
 #define SWIM_MAX_FD2
 
@@ -67,10 +68,11 @@ struct SWIMCtrl {
 };
 
 #define TYPE_SWIM "swim"
+typedef struct Swim Swim;
 #define SWIM(obj) OBJECT_CHECK(Swim, (obj), TYPE_SWIM)
 
-typedef struct Swim {
+struct Swim {
 SysBusDevice parent_obj;
 SWIMCtrl ctrl;
-} Swim;
+};
 #endif
diff --git a/include/hw/display/macfb.h b/include/hw/display/macfb.h
index 347871b623..d330ee9823 100644
--- a/include/hw/display/macfb.h
+++ b/include/hw/display/macfb.h
@@ -16,6 +16,7 @@
 #include "qemu/osdep.h"
 #include "exec/memory.h"
 #include "ui/console.h"
+#include "qom/object.h"
 
 typedef struct MacfbState {
 MemoryRegion mem_vram;
@@ -31,34 +32,37 @@ typedef struct MacfbState {
 } MacfbState;
 
 #define TYPE_MACFB "sysbus-macfb"
+typedef struct MacfbSysBusState MacfbSysBusState;
 #define MACFB(obj) \
 OBJECT_CHECK(MacfbSysBusState, (obj), TYPE_MACFB)
 
-typedef struct {
+struct MacfbSysBusState {
 SysBusDevice busdev;
 
 MacfbState macfb;
-} MacfbSysBusState;
+};
 
+#define TYPE_NUBUS_MACFB "nubus-macfb"
+typedef struct MacfbNubusDeviceClass MacfbNubusDeviceClass;
+typedef struct MacfbNubusState MacfbNubusState;
 #define NUBUS_MACFB_CLASS(class) \
 OBJECT_CLASS_CHECK(MacfbNubusDeviceClass, (class), TYPE_NUBUS_MACFB)
 #define NUBUS_MACFB_GET_CLASS(obj) \
 OBJECT_GET_CLASS(MacfbNubusDeviceClass, (obj), TYPE_NUBUS_MACFB)
 
-typedef struct MacfbNubusDeviceClass {
+struct MacfbNubusDeviceClass {
 DeviceClass parent_class;
 
 DeviceRealize parent_realize;
-} MacfbNubusDeviceClass;
+};
 
-#define TYPE_NUBUS_MACFB "nubus-macfb"
 #define NUBUS_MACFB(obj) \
 OBJECT_CHECK(MacfbNubusState, (obj), TYPE_NUBUS_MACFB)
 
-typedef struct {
+struct MacfbNubusState {
 NubusDevice busdev;
 
 MacfbState macfb;
-} MacfbNubusState;
+};
 
 #endif
diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
index 2c42ae92d2..8ef9af1969 100644
--- a/include/hw/ppc/xive.h
+++ b/include/hw/ppc/xive.h
@@ -143,6 +143,7 @@
 #include "sysemu/kvm.h"
 #include "hw/sysbus.h"
 #include "hw/ppc/xive_regs.h"
+#include "qom/object.h"
 
 /*
  * XIVE Notifier (Interface between Source and Router)
@@ -153,21 +154,23 @@ typedef struct XiveNotifier XiveNotifier;
 #define TYPE_XIVE_NOTIFIER "xive-notifier"
 #define XIVE_NOTIFIER(obj) \
 INTERFACE_CHECK(XiveNotifier, (obj), TYPE_XIVE_NOTIFIER)
+typedef struct XiveNotifierClass XiveNotifierClass;
 #define XIVE_NOTIFIER_CLASS(klass) \
 OBJECT_CLASS_CHECK(XiveNotifierClass, (klass), TYPE_XIVE_NOTIFIER)
 #define XIVE_NOTIFIER_GET_CLASS(obj)   \
 OBJECT_GET_CLASS(XiveNotifierClass, (obj), TYPE_XIVE_NOTIFIER)
 
-typedef struct XiveNotifierClass {
+struct XiveNotifierClass {
 InterfaceClass parent;
 void (*notify)(XiveNotifier *xn, uint32_t lisn);
-} XiveNotifierClass;
+};
 
 /*
  * XIVE Interrupt Source
  */
 
 #define TYPE_XIVE_SOURCE "xive-source"